IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Android crypto mining scam hits 93,000 victims

More than 170 apps claimed to offer users cloud-based crypto mining for a fee

Abstract image of a bitcoin token inside some rocks to represent cryptocurrency mining

Security researchers have discovered a plethora of fake Android apps that pretend to offer cloud-based cryptocurrency mining in exchange for a fee.

Around 170 Android apps, including 25 on Google Play, have been identified as fraudulent, with each offering cryptocurrency mining services to users as a way of generating tokens without any mining actually taking place.

“The apps’ entire raison d'être is to steal money from users through legitimate payment processes, but never deliver the promised service,” said researchers at Lookout Security, in a post detailing the scam.

In total, criminals are thought to have taken $350,000 from approximately 93,000 users, either through initial payments or through additional fake upgrades and services.

Researchers classified these apps into two distinct families: BitScam and CloudScam. While there are some distinctions between the two families, both have a similar business model, indicating that many cyber criminals have set up competing businesses to target users in the same manner.

While mobile malware tries to extract data or send premium rate messages, these apps have flown under the radar as they don't do anything inherently malicious to the device itself, instead acting as shells to collect money for services that don’t exist.

Victims are led to believe that the apps grant them access to a cloud-based cryptocurrency mining pool, where individuals can contribute varying amounts of computing power from their devices in exchange for cryptocurrency.

Related Resource

Owning your own access security

The key to building strong cloud security and avoiding the risk of vendor lock-in

Whitepaper front coverDownload now

While the apps appeared to represent different mining operations, all of the apps analyzed shared very similar code and design, according to the researchers.

“Both CloudScam and BitScam also offer subscriptions and services related to crypto mining that users can pay for via the Google Play in-app billing system," the researchers said. "What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options."

While Google Play has since removed the apps from their store, many others are still available on third-party app stores around the world.

Researchers recommended users investigate developers behind any such apps to make sure they are legitimate, and only install apps from an official store app.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022