Lookout, a mobile security startup based in San Francisco, has identified a new type of bitcoin mining malware that targets mobile devices. Dubbed 'BadLepricon', the malware represents a more sophisticated type of mining malware attack than previously seen.
The malware was designed to be delivered via a wallpaper app. Lookout identified five separate apps that contained BadLepricon, and Google removed the apps soon after being contacted by the mobile security firm.
The company announced the discovery in a 24th April blog post, citing the specifics of the malware.
CoinDesk spoke with Michael Bentley, head of Lookout’s research and response team, who said that the malware presents a new level of sophistication not normally seen in this type of cyberattack, adding that the malware writer knew what he or she was doing.
The writer of BadLepricon used a stratum mining proxy that lets the botnet operator control where bitcoins are being sent and which nodes are being mined.
Additionally, BadLepricon is designed to maximize mining output from a single device. The mining program only runs when the display is off and when the battery life is greater than 50%. This also acts to protect the phone from heat damage, which masks one of the major symptoms of a mobile-based mining malware attack. It appears that some users may have been affected.
According to Lookout, the apps had an average of 100-500 downloads before the malware was discovered.
Bentley remarked that, ultimately, these types of attacks don’t produce enough hashing power to actually solve a block or produce bitcoins. However, he expects program authors to develop more botnet-style mining malware in the future.
While the majority of bitcoin malware programs are focused on hacking wallets, mining malware attacks do present a threat to computer systems that can be exploited for hashing power. This was shown in a recent study published by Kapersky Labs.
announced this week that it had discovered a server breach that compromised student data. The school stated that the malware was designed to mine bitcoins, although it is unclear if the effort was successful.
BadLepricon is also not the first type of malware to disguise itself on the Google Play store. Earlier this year, two malicious apps were discovered that turned affected mobile devices into dogecoin and litecoin miners.
Password security image via Shutterstock.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.