Cryptojacking is becoming a nuisance for PCs, and mobile users around the globe as the computing power of their devices is being used without their explicit permission to mine digital currencies. However, people who intend to mine digital currencies by using some of their device’s computing power could be involved in an impossible task. It has come to light that an Android app that claims to let users mine digital currencies is showing only adverts.
Making Use of the Curiosity
As cryptocurrencies have started becoming more mainstream, so has the possibility of mining them to make profits. Apps on the Google Play Store are offering this capability to users. The only catch here is that they claim to mine coins that cannot be mined in the first place.
Apps available on Google’s store are claiming to mine currencies like Tether, Cardano, and Ripple’s XRP. All three currencies are not mineable. The apps are fakes trying to make use of users’ curiosities and their lack of knowledge in the crypto space to fulfill their agenda. Instead of mining a currency, they are simply showing advertisements to users.
BleepingComputer shared a Fortinet finding related to these miners on Android. One such miner claims to mine Ripple’s XRP. Once a user clicks on the Start button, the app would show hash speeds and the increase in the number of coins mined. The app’s code indicates that the hash rates shown on the app are fake and nothing is being mined. When users try to withdraw their coins, the app automatically starts displaying an error message reading:
“Error! Check your wallet address.”
What’s the Point of Creating These Apps?
The apps are not connected to digital coins in any way. Instead, they are earning by showing user advertisements. They lure users who want to earn money and show them ads to generate revenue. Fortinet suggests that by keeping the users hooked to the app, the developers can show more ads and get higher ad revenues. This happens because of poor quality control at the Google Play Store, which allows these types of malicious apps to be featured on its platform.
Lukas Stefanko, an ESET researcher, has uncovered apps like this in the past. The apps revealed by Stefanko had similar adware behaviors. These apps attempted to steal coins from users’ wallets. The researcher said that the increase in the prices of cryptocurrencies leads to the growing number of such ads as they intend to “capitalize” on the hype.
He further noted:
“These fake apps are not as popular as at the end of 2017 or January 2018 — based on what I see they copy trend of Bitcoin price. If it is more profitable for the attacker, then they create more apps — because actual price hype and people want to quickly ‘get in.’”