Thousands of Android users scammed by fake cryptomining apps

cryptocurrency
(Image credit: Yevhen Vitte / Shutterstock)

Cybersecurity researchers have discovered a major cryptomining scam, perpetrated via hundreds of Android apps

Unraveled by the Lookout Threat Lab, the scam tricked over 86,000 people into thinking they are paying for cloud cryptomining services. 

The researchers argue that the apps, some of which were listed on the Google Play store, weren’t flagged since they don’t actually appear to do anything malicious. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception,” said Ioannis Gasparis, a mobile application security researcher at Lookout.

Caveat emptor

In their breakdown of the scam, Lookout notes that all the scam apps can broadly be classified into two distinct app families, namely BitScam and CloudScam. 

The BitScam and CloudScam apps advertise themselves as providing cloud cryptocurrency mining services for a fee. 

The majority of BitScam and CloudScam apps were paid apps, and furthermore also offered paid subscriptions and commercial services related to crypto mining.

After carefully analyzing the apps, the Lookout researchers found that no cloud crypto mining actually takes place, and the scammers simply pocketed the money their victims spent on the apps and paid upgrades, with over $350,000 thought to have been generated.

In all, Lookout identified more than 170 apps. While a majority of these were sideloaded from third-party app stores, 26 were available for download on Google Play, but have now been removed.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.