About 100,000 People Are Scammed By These Fake Android Cryptocurrency Mining Apps


Cryptocurrency is extremely volatile. This is why the craze is a never-ending one.

To earn cryptocurrencies, one should either buy and trade them, or mine them. As for the latter, mining requires a lot of resources. While some malicious actors try to steal resources, others scam people out of their money by offering services that don't exist.

These scammers have tricked at least 93,000 people into using fake Android cryptocurrency mining apps, as revealed by researchers from California-based cybersecurity firm Lookout.

The 172 paid Android applications, tracked as two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the cybercriminals to victims as providing cloud-based cryptocurrency mining services.

But after digging into the code, the researchers found that the apps didn't include any cloud cryptomining functionality at all.

In fact, the apps never provide any of the advertised services.


In a blog post, the researchers wrote:

"Cryptocurrencies, once the exclusive domain of an idealistic fringe movement, have recently become attractive to mainstream retail investors. During the COVID-19 pandemic, the valuation of cryptocurrencies rose exponentially, reaching a market capitalization of over $2 trillion. Cybercriminals are always looking for the path of least resistance to make money and cryptocurrencies are now in their crosshairs."

"Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 25 on Google Play, scamming people interested in cryptocurrencies. Many of them available globally, these apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analyzing them, we found that no cloud crypto mining actually takes place."

In total, the apps have collectively stolen at least $350,000, between users paying for the apps and buying additional fake upgrades and services.

The researchers said that the apps avoided detection because they don't do anything malicious.

"Most malware executes code that performs some clearly malicious activity, such as exfiltrating private information to a command-and-control server, displaying advertisements outside of the app’s context or sending premium text messages."

"What enabled BitScam and CloudScam apps to fly under the radar is that they don’t do anything actually malicious. In fact, they hardly do anything at all. They are simply shells to collect money for services that don’t exist."

Samples of CloudScam apps and BitScam apps. (Credit: Lookout)

When victims download the apps and sign in, they are greeted with a similar activity dashboard that displays the available hash mining rate as well as how many coins they have “earned.”

The apps tend to show a low hash rate to lure victims into buying "upgrades."

The scammers also earn money by selling other in-app upgrades, as well as additional subscriptions and services.

Things look good on the outside, until you look at the inside.

If cloud mining were actually taking place, the coin balance would be stored in a secure cloud database and retrieved through API queries. But the apps here only display a fictitious coin balance, not the number of coins mined.

What's more, the hash rate is merely a counter which resets to zero after counting to ten. This does not initiate any activity from cloud services.

And if that is not convincing enough to be a scam, victims can never withdraw their coins.
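A rough triage heuristic for the fictitious balance and wrapping hash-rate counter described above, as an added example (not Lookout's tooling and not code taken from the apps): it scans decompiled Java source for a displayed mining statistic driven by a local wrapping counter, and reports whether any networking API is referenced at all. The sample sources, file names, identifier names and marker lists are constructed assumptions.

```python
import re

# Networking entry points an Android app would need to query a remote balance API
# (assumed marker list; extend for other HTTP clients).
NETWORK_MARKERS = ("java.net.HttpURLConnection", "java.net.Socket",
                   "okhttp3.", "retrofit2.", "com.android.volley.")
# Identifier fragments that suggest a displayed mining statistic.
STAT_NAME = re.compile(r"hash_?rate|balance|mined|earned", re.I)
# A local counter that wraps: `x = (x + 1) % N`  or  `if (x > N) { x = 0`.
WRAP_COUNTER = re.compile(
    r"(\w+)\s*=\s*\(\s*\1\s*\+\s*1\s*\)\s*%\s*\d+"
    r"|if\s*\(\s*(\w+)\s*>=?\s*\d+\s*\)\s*\{?\s*\2\s*=\s*0")

def triage(sources):
    """sources: {file name: decompiled Java text}. Returns a findings dict."""
    uses_network = any(m in src for src in sources.values() for m in NETWORK_MARKERS)
    fake_stats = []
    for name, src in sources.items():
        for match in WRAP_COUNTER.finditer(src):
            var = match.group(1) or match.group(2)
            if STAT_NAME.search(var):          # the wrapped variable is a shown statistic
                fake_stats.append((name, var))
    return {"uses_network": uses_network,
            "local_counter_stats": sorted(fake_stats),
            "needs_review": bool(fake_stats)}

# Constructed sample: a dashboard whose "hash rate" is a counter reset after ten.
SHELL_APP = {"DashboardActivity.java": """
    private int hashRate = 0;
    private double balance = 0.0;
    void tick() {
        hashRate = hashRate + 1;
        if (hashRate > 10) { hashRate = 0; }
        balance += 0.00000001;
        hashRateView.setText(hashRate + " H/s");
    }"""}

# Constructed sample: statistics come from a remote API; the only wrapping
# counter is an unrelated animation frame index.
REMOTE_APP = {"StatsRepository.java": """
    import okhttp3.OkHttpClient;
    double fetchBalance() { return api.get("/v1/balance").asDouble(); }
    void nextFrame() { frame = (frame + 1) % 4; }"""}

if __name__ == "__main__":
    for label, app in (("shell", SHELL_APP), ("remote", REMOTE_APP)):
        print(label, triage(app))
```

A hit only marks an app for manual review; obfuscated or renamed identifiers will evade these name-based patterns.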

25 of these fake apps were available in the Google Play Store, before Google removed them.

Screenshots of the apps' interface and their fake upgrades. (Credit: Lookout)

Cryptocurrency mining is a process that uses the processing power of computers to solve complex mathematical problems, in order to verify cryptocurrency transactions.

Each time miners' computers accomplish the feat, they are rewarded with a small amount of cryptocurrency.

Cryptocurrency mining is no longer an easy task for ordinary computers used by ordinary people, because the amount of resources (electricity) it uses can severely eat into profits. The common strategy is therefore mining pools, where individuals contribute their computing power and get cryptocurrency in return that is proportional to what they have contributed.

And cloud mining is just an evolution of mining pools.

Cloud mining uses cloud computing power, which in turn introduces both convenience and cybersecurity risks.

Scammers know this very well.

This is why malicious developers can easily create some realistic-looking cryptocurrency mining services, and market them as legitimate apps, and get away with it.

There are plenty of websites that run this scam. And this time, the trend has shifted to mobile apps.