‘BadLepricon’ bitcoin mining malware found in a number of Google Play apps

25 Apr 2014

A number of apps on the Google Play app store contain a piece of malicious software known as ‘BadLepricon’ that mines bitcoins from the web without the app user’s knowledge, a team of researchers has found.

In a blog post on its website, smartphone security company Lookout gave further details of its team’s discovery. The harmful software was included in a number of wallpaper apps for Android devices, and once on a person’s phone, the malware begins to mine bitcoins from the internet. While it has no noticeable visual effect on the phone, it becomes apparent when the phone’s battery drains at an unusually fast rate.

It is believed users had downloaded the apps almost 500 times. Google has since removed them after Lookout made the company aware of the malware-infected apps.

The wallpaper apps – usually found to be pictures of anime girls and ‘attractive men’, according to Lookout – would enter into an infinite loop of checking your phone’s battery level every five seconds as a rather ingenious method of making sure the phone’s battery doesn’t burn out from the bitcoin mining.

BadLepricon malware makes sure the battery level is running at more than 50 percent capacity, the phone’s display is turned off, and the phone has network connectivity.
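Those three conditions can be turned into a triage heuristic for device telemetry. The Python below is an added example, not code from Lookout or from the malware: it flags packages whose heavy CPU use appears only while all three conditions hold. The telemetry tuples, package names and the 40 percent CPU threshold are constructed assumptions.

```python
from collections import defaultdict

CPU_BUSY = 40.0  # assumed "heavy CPU" threshold, in percent

# Constructed samples: (package, cpu %, battery %, screen_on, network_up)
SAMPLES = [
    ("com.example.wallpaper", 92.0, 80, False, True),
    ("com.example.wallpaper", 95.0, 78, False, True),
    ("com.example.wallpaper", 91.0, 76, False, True),
    ("com.example.wallpaper", 1.0, 75, True, True),    # screen on: idle
    ("com.example.wallpaper", 0.5, 48, False, True),   # battery <= 50: idle
    ("com.example.player", 55.0, 90, False, True),
    ("com.example.player", 57.0, 70, False, True),
    ("com.example.player", 56.0, 60, False, True),
    ("com.example.player", 54.0, 30, False, True),     # still busy at 30%
    ("com.example.backup", 60.0, 95, False, True),
    ("com.example.backup", 62.0, 94, False, True),
    ("com.example.backup", 61.0, 93, False, True),     # never seen outside gate
]

def gate_open(battery, screen_on, network_up):
    """The three conditions the article lists for mining to proceed."""
    return battery > 50 and not screen_on and network_up

def flag_gated_cpu(samples, min_busy=3):
    """Return packages that are busy only while the gate is open."""
    busy = defaultdict(lambda: {True: 0, False: 0})
    seen = defaultdict(lambda: {True: 0, False: 0})
    for pkg, cpu, battery, screen_on, network_up in samples:
        inside = gate_open(battery, screen_on, network_up)
        seen[pkg][inside] += 1
        if cpu >= CPU_BUSY:
            busy[pkg][inside] += 1
    flagged = []
    for pkg in seen:
        # Require evidence from outside the gate; otherwise it is inconclusive.
        if (busy[pkg][True] >= min_busy and busy[pkg][False] == 0
                and seen[pkg][False] > 0):
            flagged.append(pkg)
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_gated_cpu(SAMPLES))
```

A package that is only ever observed with the conditions met is left unflagged, because nothing shows it going quiet when they stop holding.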

To be a viable method of obtaining bitcoins, the mining malware needs to be on hundreds, if not thousands, of different devices, as a recent mining experiment using 600 quad-core servers was only able to generate 0.4 bitcoins over the space of one year.

The team behind the discovery went on to say it believes this method of smartphone mining could be a potential business model.

“Instead of being served advertising, people could use a few processing cycles to mine cryptocurrency instead. We can see a world where that would be tolerated, but in the case of BadLepricon, not alerting the user to your intentions will land you straight in the malware pile.”


Colm Gorey was a senior journalist with Silicon Republic
