We’re all pretty familiar with BitCoin by now, or at least the idea of what the virtual currency actually is. Even if you’ve only had a passing interest in BitCoin, you’ll know that it’s a cryptocurrency, requiring processing power to calculate equations and reach a certain point, which makes a single BitCoin. Generating the currency is referred to as mining and can be done on a variety of different hardware, from big to small, including our smartphones. One enterprising developer had snuck a secret BitCoin mining operation into a handful of Android apps, as Lookout Security discovered recently.
Five Live Wallpapers, that have since been removed from the Play Store, snuck a piece of malware called ‘BadLepricorn’ onto users’ devices in order to mine BitCoin in the background. BadLepricon, despite the poor spelling of ‘Leprechaun’, was actually a very sophisticated piece of malware. Utilizing a ‘Stratum’ mining policy, BadLepricon checked the battery level of the device, as well as whether or not the screen was in use in order to hide its activity and not use so much processing power to raise suspicion. By monitoring the battery, BadLepricon only worked when there was 50% or more battery left on the user’s device. A good way to mine coins using a whole bunch of devices out there, but unfortunately for the developers, the Live Wallpapers were installed by less than 500 users.
Google has since removed these apps from the Play Store, but it is a little worrying that these fell through the cracks in the first place, but we’re sure Google will be learning from this and will be on the look out for similar malware. As with everything, it’s worth checking the permissions when installing apps from the Play Store, a Live Wallpaper app will not need many permissions and those like network connectivity should only be needed if the Live Wallpaper is getting info from the net, like the weather for instance.