Miner leading to high resource usage on Windows PCs

Jun 18, 2018 09:24 GMT  ·  By

A cryptocurrency miner was discovered in Andy Android emulator for Windows, with a thorough investigation carried out by the user community pointing to a malicious process silently deployed on PCs after the program was installed.

News of a cryptominer integrated into Andy went viral a few hours ago after reddit user TopWire came across a process called Updater.exe that runs even when the Android emulator is closed.

After further inspection, it was discovered that the mining program was deployed by Andy and can only be removed by uninstalling the Android emulator entirely.

Cryptominers use system resources to mine for various cryptocurrencies, sometimes leading to substantial slowdowns on computers where they are running. In this case, the cited reddit user says they observed major FPS drops at random times, only to discover that the GPU load and temperature increased substantially without any clear reason.

Installer not to blame

The issue was reported to Andy developers, and after the culprit was originally said to be a third-party tool used for building the app’s installer, it looks like code in the software, and not the installer itself, sends a request to download the malicious file.

“A friend opened Andy in process explorer to see the files it drops upon installation. By the looks of things, the installer isn't at fault. Andy itself calls an IP which then transfers the bitcoin miner to your system,” the reddit user explains. An in-depth look at the cryptominer is available in the video below.

The issue has already been posted on several subreddit, and TopWire claims Andy developers removed them from the support group in an attempt to censor the report.

“Andy clearly have no interest in fixing this issue and they're doing their best to censor it. At this point I wouldn't be surprised if this is completely down to their doing. The fact that they've completely blocked me from contacting them and the removal of all of my posts to them suggests that they don't care and don't want anyone to know,’ he posted.

Needless to say, these claims have led to many users removing Andy Android emulator from their systems, and in the meantime, Softpedia has also pulled the download links until some clarification is offered. If you’re looking for an alternative, BlueStacks is likely your best option.