Over 170 Android apps have been identified by security researchers as scamming cryptocurrency miners.
According to security researchers at Lookout Threat Lab (a cloud security company), the apps were created solely for the purpose of stealing money from cryptocurrency miners.
Researchers found that the apps were used to scam more than 93,000 people and took in at least $350,000 from users who paid for apps and bought fake upgrades.
These apps aren’t malicious, which is what allowed them to fly under the radar. They do not actually do much. Researchers stated that they are just shells for collecting money for services that don’t exist.
The evolution of crypto mining makes it easier to scam.
Cryptocurrency mining uses computer processing power to solve complicated mathematical problems that verify cryptocurrency transactions. Miners are usually rewarded with a small amount of cryptocurrency.
There are generally two types of mining. One of them is mining pools, which allow individuals to contribute computing power in exchange for cryptocurrency. Cloud mining is an evolution of mining pools: cloud miners rent computing power, much as customers do in cloud computing.
“Cloud mining brings both convenience and cybersecurity risk.” The researchers stated that cloud computing is simple and agile, making it easy to create a fake-looking crypto mining service.
What are the tricks?
Most of the fraudulent apps were paid apps, which allowed the scammers to make a lot of money from app sales. Users could also subscribe to the apps and pay via the Google Play billing system.
After logging in, users see an activity dashboard that displays the current hash mining rate (the amount of computing power that is being used to mine the network) and how many coins they have “earned”. The displayed hash rate is usually very low, to encourage users to upgrade to faster mining rates.
“After analysing the code and network traffic, it was discovered that the apps display a fictional coin balance and not the amount of coins mined.” Researchers explained that the value displayed in the app is simply a counter that slowly increases over time.
The BitScam scam allows users to purchase virtual hardware to increase their mining rate. Virtual hardware can be purchased through Google Play, Bitcoin or Ethereum. It costs between $12.99 and $259.99.
The apps were designed to prevent users from withdrawing coins until they reach a certain minimum balance. Researchers also stated that users could not withdraw coins even if they reached the minimum balance.
“The app would display a message to inform the user that the withdrawal transaction was pending. But behind the scenes, it resets the user’s coin balance to zero and does not transfer any money to them.”
Researchers said that while the apps have now been removed from Google Play, there are still dozens of them in third-party stores.
According to the report, ‘The scammers behind this scheme were able to tap into the existing frenzy caused by the hot cryptocurrency markets’.