Malware Targets Mobile Devices in Futile Search for Crypto-Currencies
A hacked-together program has infected a few hundred Android devices and turned them into low-power platforms for mining crypto-currencies, according to a report from mobile-security firm Lookout.
The malware, dubbed CoinKrypt by Lookout, is very basic and appears to have borrowed code from other tools used to calculate the hard computations needed to generate, or "mine," Bitcoins and other alternate crypto-currencies. While the program works, mobile devices are too underpowered to contribute much to the mathematical race for mining, said Marc Rogers, principal security researcher at San Francisco-based Lookout.
"We've seen an explosion of malware that is targeting crypto-coins, but this is an unsuccessful experiment," Rogers said. "It's completely impractical: The only way this guy is going to make any money with the mining approach would be to bring a lot—and I mean a lot—of phones together at the same time."
CoinKrypt is the latest malware to target crypto-currencies, among which Bitcoin is the most famous. Most malware searches for and steals the Bitcoin data stored in a digital "wallet," which can then be used to claim ownership of the digital cash. Some malware, such as the ZeroAccess botnet, attempted to harness the power of compromised computers to mine for Bitcoins, but even massively distributed computers are at a disadvantage against the hardware deployed by serious digital miners.
Attacks on mobile devices have taken off—mainly against Android, which is the focus of 99 percent of mobile malware—but cyber-criminals still have not hit upon a strong way of monetizing compromised mobile devices. Toll fraud, including sending text messages to premium numbers, continues to be the most common way that criminals try to turn an infection into a revenue stream.
CoinKrypt is just the latest attempt to make money from infected mobile devices, Rogers said. "It does shows their inventiveness," he said. "They are literally trying anything."
The program does not attempt to divide up the work of mining across many infected phones, which would have made it a botnet. Instead, each phone is running as a standalone miner, Rogers said. Lookout simulated running the software on a phone for more than a week and calculated that it would only mine about 20 cents in litecoins, the leading crypto-currency alternative to Bitcoin.
Not only is the program not very successful at mining, it's also not very pervasive. Lookout has only found programs containing the malicious code in a Spanish-language forum dedicated to software piracy, but, ironically, the infected devices appeared to be located in France, he said.
Phones that become infected will drain their battery life quickly, as the device continues to do calculations. The malware could also run up the user's data plan if the exchange of crypto-currency information causes the user to exceed their allowed data plan, the company said.