New research has uncovered a crypto mining scam where 170 Android apps charge their users to mine cryptocurrencies without doing anything.
According to cybersecurity specialists Lookout’s Threat Lab, the fraudulent apps claim to provide cloud cryptocurrency mining services for a fee.
This would allow the apps’ users to pool their phones spare computing power to mine cryptocurrencies, with the resulting profits shared between them.
After analysing the apps, however, Threat Lab claimed that no actual cloud crypto mining takes place. When users query the number of coins they have earned, the number is entirely fictitious.
Instead, the apps steal money through legitimate payments. According to Threat Lab, at least $350,000 has been stolen from 93,000 people, who either paid for the apps or bought additional fake upgrades and services.
Users were not allowed to withdraw their imaginary funds until a minimum balance was reached. Even if they reach the minimum balance, an error message would stop them from withdrawing the funds.
The apps are freely available to users around the world, and 25 of them are offered through the Google Play store. The fact that they don’t technically perform any malicious activity, such as stealing user data or hijacking other apps, allowed them to avoid detection by the app stores’ threat detection systems.
Threat Lab divided the scam apps into two categories – BitScam and CloudScam. BitScam apps accept cryptocurrencies, such as Bitcoin and Ethereum, as payment for its non-existent services.
However, despite this difference, the cybersecurity experts warned that the similar business models of the apps suggests that scams are being run by multiple criminal actors in competing businesses.
In fact, further analysis revealed that the apps share similar code and design, with the group noting that the apps are so rudimentary they could have been made by someone with virtually no coding ability.
For example, the counter that was supposed to display the number of coins the user had earned would reset to zero after passing ten, or if the app were restarted.
While Threat Labs noted that the CloudScam and BitScam apps have now been removed from Google Play, the group warned that there are still dozens more available on third-party app stores.
- The top Scottish tech companies to watch in 2021
- Government plans to support tech sector could include regulatory declutter
- Users receive weird messages after Formula One app hack
Bitcoin, along with other cryptocurrencies, has had a tumultuous year. It started the year by breaking its previous valuation record when it reached $34,000 (£25,000), eclipsing its previous high of just under $20,000 at the end of 2017.
Over the rest of the year, it value reached a new peak, over $63,000. Since then, its value has fallen dramatically, and since May its value has hovered either side of the $35,000 mark – still impressively above its pre-2021 high, and especially impressive considering its value for most of 2018-2020 was around $5000-10,000.
In total, cryptocurrencies achieved a market capitalisation of over $2 trillion this year.
The high value and volatility are a massive incentive to anyone looking to make a quick profit. It also encourages criminals to take advantage of people looking to profit off a high-profile asset.