Beware of fake cryptocurrency mining apps – a report by Quick Heal Security Labs

Credit to Author: Bajrang Mane| Date: Thu, 18 Jan 2018 09:53:22 +0000

Cryptocurrency has become a well-known and valuable digital asset. One way to earn cryptocurrency is to mine it: new coins are generated and brought into the market through the process of mining. Mining is a resource-intensive task, and whether it is feasible on mobile devices is questionable because they have low computing power.

Quick Heal Security Labs came across apps on the Google Play Store that claimed to mine cryptocurrencies using Android devices. We found these apps suspicious because it's nearly impossible to mine digital coins like Bitcoin and Ethereum using any mobile device.

Take Bitcoin, the most valuable digital currency right now, as an example. Since November 2017, its value has jumped 142.11% according to coinbase.com. Now, everybody is looking for ways to get those coins to make money. On the Google Play Store, there are many apps that promise to give away FREE cryptocurrency through mining on an Android phone. In reality, these apps are fake and do nothing like they claim. Taking advantage of this opportunity, malware authors have uploaded fake cryptocurrency mining apps to the Play Store to lure users into downloading them, which increases their download count, and to mislead users into giving them a 5-star rating on the Play Store in exchange for free Satoshi. (A Satoshi is the smallest fraction of a Bitcoin.)

Analysis of Bitcoin Miner Robot

AppName: Bitcoin Miner Robot
Package name: hcss.killua.bitminerrobot.bitcoinminerrobot
MD5: 006be02ef2ca3f2305a23c201570cd03
Size: 2646 KB

Fig 1. Highlighted area shows it will give user 50,000 Satoshi for a 5-star rating

Fig 2. The app managed to get a 4.7 rating

What does it do?

1) Once the user clicks the FREE 50,000 SATOSHIS button, the app asks for a 5-star rating and then shows a credit of 50000 Satoshi on the app's screen. This happens even if the user doesn't give any rating.
2) To start the mining process, the user has to click the START button. Every 10 minutes, a GET 500 SATOSHI button gets activated and the user can save the generated Satoshi on the device itself, but they must watch a video/interstitial ad when the device is connected to the Internet. Ads are shown at both the start and stop events of mining.

After the app opens, it shows its main screen as shown in fig 4.

Fig 3. Main screen of app rewarding user dummy 50K Satoshi for giving a 5-star rating on Play Store

The following code shows how the app generates fake values of Satoshi and hash power using randomKH() function.

Fig 4. randomKh() function

The following code belongs to a withdraw activity that is launched when the user withdraws the mined Satoshi amount. The app just shows the Satoshi value and wallet address to the user and finally sets the Satoshi value to 0 by calling the setNullAgain() method, misleading the user into believing that the amount has been sent to the provided wallet address. In reality, the user never receives it.

Fig 5. Withdraw activity

Interesting facts about the Bitcoin Miner Robot

1) The app can scan a digital wallet barcode address to appear genuine, show fake calculation values, and increase the Satoshi value to fool the user into believing that it's doing something. In the background, it does nothing except programmatically change text values.
2) The app continues to mine even when there is no Internet connectivity – this seems fake because a mining process requires an active Internet connection.
3) While the app is running, the device does not heat up – this seems fishy because mining is a resource-intensive task which clearly heats up the device.
4) The app developer's aim in publishing the app is to generate revenue by serving the user many interstitial ads, which bring more revenue than banner ads. The app also shows video ads, which often bring even more revenue to the developer.
Furthermore, interstitial and video ads consume more mobile data.

The same developer has published a similar app on the Google Play Store for the Ethereum cryptocurrency. Ethereum is also a popular cryptocurrency after Bitcoin.

Indicator of compromise

AppName: ETH Miner…
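
The third observation under "Interesting facts about the Bitcoin Miner Robot" above (the device stays cool while the app claims to mine) can be checked with numbers instead of by touch. The following is an added example, not code from the app or from Quick Heal: it compares two snapshots of a process's /proc/<pid>/stat line and reports the share of one CPU core the process used. The sample lines, process names, the 100 ticks-per-second clock and the 0.5 threshold are assumptions made for illustration.

```python
# Added example: constructed data and hypothetical names throughout.
CLK_TCK = 100  # assumption: 100 clock ticks per second (common USER_HZ value)

def cpu_ticks(stat_line: str) -> int:
    """Return utime + stime (in clock ticks) from one /proc/<pid>/stat line."""
    # The comm field is wrapped in parentheses and may itself contain spaces
    # or ')', so cut after the LAST ')' instead of splitting on whitespace.
    rest = stat_line[stat_line.rindex(")") + 2:].split()
    # rest[0] is field 3 (state); utime and stime are fields 14 and 15.
    return int(rest[11]) + int(rest[12])

def cpu_share(before: str, after: str, interval_s: float) -> float:
    """Fraction of one core the process used between two snapshots."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    return (cpu_ticks(after) - cpu_ticks(before)) / (CLK_TCK * interval_s)

def looks_like_real_mining(before, after, interval_s, threshold=0.5):
    """Proof-of-work mining is CPU-bound; near-idle usage contradicts the claim.

    threshold is an illustrative assumption, not a measured cut-off.
    """
    return cpu_share(before, after, interval_s) >= threshold

# Constructed snapshots taken 60 s apart while an app displays "mining".
IDLE_BEFORE = "4242 (fake.miner.app) S 600 600 0 0 -1 1077952832 5000 0 12 0 310 95 0 0 20 0 25 0 88000 1500000000 20000"
IDLE_AFTER = "4242 (fake.miner.app) S 600 600 0 0 -1 1077952832 5040 0 12 0 322 101 0 0 20 0 25 0 88000 1500000000 20100"
# Constructed CPU-bound process; its name contains a space and a ')'.
BUSY_BEFORE = "5151 (real miner :)) R 600 600 0 0 -1 1077952832 900 0 3 0 1000 50 0 0 20 0 8 0 91000 900000000 15000"
BUSY_AFTER = "5151 (real miner :)) R 600 600 0 0 -1 1077952832 910 0 3 0 6700 230 0 0 20 0 8 0 91000 900000000 15010"

if __name__ == "__main__":
    for name, b, a in (("idle", IDLE_BEFORE, IDLE_AFTER),
                       ("busy", BUSY_BEFORE, BUSY_AFTER)):
        share = cpu_share(b, a, 60)
        verdict = "consistent" if looks_like_real_mining(b, a, 60) else "inconsistent"
        print(f"{name}: {share:.1%} of one core, {verdict} with a mining claim")
```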