Malware Targets Mobile Devices in Futile Search for Crypto-Currencies
Cyber-criminals are toying with using mobile devices to mine for crypto-currencies, such as Bitcoin, but the platform is too underpowered for effective prospecting.A hacked-together program has infected a few hundred Android devices and turned them into low-power platforms for mining crypto-currencies, according to a report from mobile-security firm Lookout. The malware, dubbed CoinKrypt by Lookout, is very basic and appears to have borrowed code from other tools used to calculate the hard computations needed to generate, or "mine," Bitcoins and other alternate crypto-currencies. While the program works, mobile devices are too underpowered to contribute much to the mathematical race for mining, said Marc Rogers, principal security researcher at San Francisco-based Lookout. "We've seen an explosion of malware that is targeting crypto-coins, but this is an unsuccessful experiment," Rogers said. "It's completely impractical: The only way this guy is going to make any money with the mining approach would be to bring a lot—and I mean a lot—of phones together at the same time." CoinKrypt is the latest malware to target crypto-currencies, among which Bitcoin is the most famous. Most malware searches for and steals the Bitcoin data stored in a digital "wallet," which can then be used to claim ownership of the digital cash. Some malware, such as the ZeroAccess botnet, attempted to harness the power of compromised computers to mine for Bitcoins, but even massively distributed computers are at a disadvantage against the hardware deployed by serious digital miners.
Attacks on mobile devices have taken off—mainly against Android, which is the focus of 99 percent of mobile malware—but cyber-criminals still have not hit upon a strong way of monetizing compromised mobile devices. Toll fraud, including sending text messages to premium numbers, continues to be the most common way that criminals try to turn an infection into a revenue stream.