Non-Malicious Android Crypto Mining Apps Scam Users at Scale
Researchers at mobile security firm Lookout have identified more than 170 Android apps that target and scam users interested in cryptocurrencies.
These apps cannot even be classified as 'malware' since they do nothing typified as malicious and don't contain a payload. This is the height of their sophistication.
"The BitScam apps are put together using an app builder framework that requires no programming experience or understanding of how an app actually works." "We have seen this framework used for nefarious app development before - such as adware," said Hebeisen. "But again there is no malicious code included. The whole purpose of using the framework is to make use of a business operation rather than to develop malware. It is perfectly possible that this approach to scam development will increase in the future."
Crypto mining scams have already been discovered in PC apps - indeed, the bravenewcoin website warns, "Crypto scams are at an all-time high, so tread carefully." The Lookout findings are the first time such scams have also been found in mobile apps.
"In some of the apps analyzed," comment the researchers, "we observed this happening only while the app is running in the foreground and is often reset to zero when the mobile device is rebooted, or the app restarted." In some apps, user attempts to withdraw the fictitious balance are met with a message saying 'pending', while the counter is reset to zero; or that the balance is too small to withdraw.
Some mobile security products can detect these scam apps.