(Picture by Lookout)
As if we didn’t need another fishy Android app warning, researchers have found yet another batch of apps up to no good. It seems some Bitcoin miners have sneakily embedded code into apps that will mine Bitcoins on the sly.
Lookout, an anti-malware provider, blogged that the company’s researchers found malware dubbed “BadLepricon” stored on six separate wallpaper apps. Each of those apps have had from 100 to 500 downloads each, which meant that at least a few hundred people have malware installed on their phones.
Look, more malware
Google was alerted and has since removed the offending apps. But it’s the second time this month third-party researchers have found cryptocurrency-mining apps on Google servers. Trend Micro reported finding apps that mined Litecoin and Dogecoin without letting users know.
Meghan Kelly, a Lookout security communications manager blogged: "These apps did fulfill their advertised purpose in that they provided live wallpaper apps, which vary in theme from anime girls to 'epic smoke' to attractive men."
But what users didn’t know was that BadLepricon would test, every five seconds, users’ battery level, connectivity and whether the phone’s display was on. The code would only mine when the battery level was 50 per cent or higher, so as to prevent users from suspecting unwanted activity was going on.
Still, the mining would slow down the phone and in some cases, generate more heat than the phone normally would.
Google’s ‘free-for-all’ approach means that it's far too easy for malware-ridden apps to be released to unsuspecting users despite its so-called scanner for malware. Google's stance is much unlike Apple's App Store, which scrutinises every single app, even though some developers see Apple’s restrictions as a form of censorship as well as a way to shut out apps that compete with Apple’s own apps.
Is it time for Google to set up its own vetting committee?