Cryptocurrency is extremely volatile. This is why the craze is a never-ending one.
To earn cryptocurrencies, one must either buy and trade them or mine them. Mining requires a lot of resources. While some malicious actors try to steal those resources, others scam people out of their money by offering services that don't exist.
These scammers have tricked at least 93,000 people into using fake Android cryptocurrency mining apps, as revealed by researchers from California-based cybersecurity firm Lookout.
The 172 paid Android applications, tracked as two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the cybercriminals to victims as providing cloud-based cryptocurrency mining services.
But after digging deep into the code, the researchers found that the apps didn't include any cloud cryptomining functionality at all.
In fact, the apps never provide any of the advertised services.
In a blog post, the researchers wrote:
"Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 25 on Google Play, scamming people interested in cryptocurrencies. Many of them available globally, these apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analyzing them, we found that no cloud crypto mining actually takes place."
In total, the apps have collectively stolen at least $350,000, between users paying for the apps and buying additional fake upgrades and services.
The researchers said that the apps avoided detection because they don't do anything malicious.
"What enabled BitScam and CloudScam apps to fly under the radar is that they don’t do anything actually malicious. In fact, they hardly do anything at all. They are simply shells to collect money for services that don’t exist."
When victims download the apps and sign in, they are greeted with a similar activity dashboard that displays the available hash mining rate as well as how many coins they have “earned.”
The apps tend to show a low hash rate to lure victims into buying "upgrades."
The scammers also earn money by selling other in-app upgrades, as well as additional subscriptions and services.
Things look good on the outside, until one looks at the inside.
If cloud mining did take place, the amount of coin mined would be stored in a secure cloud database and retrieved through data queries via an API. But the apps here only display a fictitious coin balance and not the number of coins mined.
What's more, the hash rate is merely a counter which resets to zero after counting to ten. This does not initiate any activity from cloud services.
And if that is not convincing enough to call it a scam, victims can never withdraw their coins.
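The two behaviours described above (a hash rate that is only a counter wrapping at ten, and a balance that changes without any backend query) can be checked mechanically during dynamic analysis. The following is an added example, not code from Lookout or from the apps; the trace format, field names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Trace:
    """Constructed dynamic-analysis record; all field names are assumptions."""
    hash_rates: list   # dashboard hash-rate value at each sample
    balances: list     # displayed coin balance at each sample
    api_samples: set   # sample indexes where an outbound API request was seen

def is_wrapping_counter(values, limit=10):
    """True if values only step +1 up to `limit` and reset to 0 from `limit`."""
    saw_reset = False
    for prev, cur in zip(values, values[1:]):
        if prev == limit and cur == 0:
            saw_reset = True
        elif not (cur == prev + 1 and cur <= limit):
            return False
    return saw_reset  # a short run with no reset is not enough evidence

def unbacked_balance_updates(trace):
    """Sample indexes where the balance changed with no API request observed."""
    return [i for i in range(1, len(trace.balances))
            if trace.balances[i] != trace.balances[i - 1]
            and i not in trace.api_samples]

def triage(trace):
    """Return human-readable findings for one observed app session."""
    findings = []
    if is_wrapping_counter(trace.hash_rates):
        findings.append("hash rate is a local counter that wraps at 10")
    unbacked = unbacked_balance_updates(trace)
    if unbacked:
        findings.append(f"balance changed {len(unbacked)} times with no backend request")
    return findings

# Constructed sample sessions (not real captures).
SCAM = Trace(hash_rates=[i % 11 for i in range(25)],
             balances=[round(0.0001 * i, 4) for i in range(25)],
             api_samples=set())
LEGIT = Trace(hash_rates=[52, 49, 55, 51, 53, 50],
              balances=[0.01, 0.01, 0.012, 0.012, 0.012, 0.015],
              api_samples={0, 1, 2, 3, 4, 5})

if __name__ == "__main__":
    for name, trace in (("scam-like", SCAM), ("legit-like", LEGIT)):
        print(name, triage(trace))
```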
25 of these fake apps were available in the Google Play Store, before Google removed them.
Cryptocurrency mining is a process that uses the processing power of computers to solve complex mathematical problems in order to verify cryptocurrency transactions.
Each time miners' computers accomplish the feat, they are rewarded with a small amount of cryptocurrency.
Cryptocurrency mining is no longer an easy task for ordinary computers used by ordinary people, because the amount of resources (electricity) it uses can severely eat into profits. The common strategy is therefore to join mining pools, where individuals contribute their computing power and receive cryptocurrency in return, proportional to what they have contributed.
And cloud mining is just an evolution of mining pools.
Cloud mining uses cloud computing power, which in turn introduces both convenience and cybersecurity risks.
Scammers know this very well.
This is why malicious developers can easily create realistic-looking cryptocurrency mining services, market them as legitimate apps, and get away with it.
There are plenty of websites that do this scam. And this time, the trend has shifted to mobile apps.