False crypto-mining apps plague Google Play
Apps deceive users into clicking on ads or buying non-existent mining subscriptions
Researchers at Trend Micro said they found the fake apps masquerading as cryptocurrency cloud-mining applications. Users were fooled into believing the apps would earn them cryptocurrency by investing money into a cloud-mining operation.
Upon further investigation, researchers found that these malicious apps only tricked victims into watching ads, paying for subscription services, and paying for increased mining capabilities with nothing in return.
The apps removed from the store are BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System
Bitcoin 2021, MineBit Pro - Crypto Cloud Mining & BTC miner, and Ethereum (ETH) - Pool Mining Cloud.
While most were free to download, Crypto Holic – Bitcoin Cloud Mining cost $12.99 to download and Daily Bitcoin Rewards – Cloud Based Mining System cost $5.99. Some of the apps have even been downloaded more than 100,000 times. Researchers warned that over 120 fake cryptocurrency mining apps are still available online.
Trend Micro’s researchers’ analysis found these apps did not have any cryptocurrency-mining behavior.
“The fake mining activity on the apps’ user interface (UI) is carried out via a local mining simulation module that includes a counter and some random functions,” said researchers.
Despite lacking mining functionality, some apps prompted users to pay $14.99 to $189.99 via in-app billing systems for increased cryptocurrency-mining capabilities.
“The app called Daily Bitcoin Rewards – Cloud Based Mining System prompts its users to upgrade their cryptomining capacity by “buying” their favorite mining machines to earn more coins at a faster rate,” said researchers.
Two other fake crypto apps pestered users by prompting them to click on ads during fraudulent crypto-mining activities to prove they aren’t robots. Users are informed they can start mining after viewing in-app video ads.
The apps also prompt users to invite several friends to download the app to unlock the withdrawal interface.
“However, even after users are able to invite friends and unlock the withdrawal interface, they wouldn’t be able to withdraw cryptocurrency from the app as it is always in a waiting state,” researchers warned.
Researchers said users could spot fake apps by carefully reading the app’s reviews and entering an invalid or wrong cryptocurrency wallet address.
“Confirm if there is a withdrawal fee. The transfer of cryptocurrency requires a handling fee, which is relatively high compared to what is typically made from cloud mining. Hence, free withdrawals are very suspicious,” said researchers.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now