Malware Called ‘Coinkrypt’ Mines Litecoin, Dogecoin on Android Phones

The new mobile malware called ‘CoinKrypt’ infects Google Android devices to mine digital currency with overusing processing power.

Malware mines scrypt currencies on millions of android phones while charging. Photo: CoinSpeaker.

Malware mines scrypt currencies on millions of android phones while charging. Photo: CoinSpeaker.

Lookout researchers are warning of a new Android malware family called ‘CoinKrypt,’ which leverages infected mobile devices to mine digital currency, including Litecoin, Dogecoin and Casinocoin.

According to Marc Rogers, a principal security researcher with Lookout Mobile Security, CoinKrypt, an add-on to a legitimate app and hijacks an Android phone’s resources to mine Litecoin, Dogecoin, and Casinocoin, has been seen mainly in Spanish-language forums discussing pirate software.

In a blog post, Rogers noted that although the malware does not steal any personal data, it still poses a threat to Android devices, as coin-mining malware is extremely resource-intensive activity. In case it is allowed to go on without any limits, the malware could potentially damage hardware what may lead to overheat and burnout of the system.

“As a minimum, users affected by this malware will find their phones getting warm and their battery-life massively shortened,” writes Lookout’s Marc Rogers. “Another added annoyance? CoinKrypt might suck up your data plan by periodically downloading what is known as a block chain, or a copy of the currency transaction history, which can be several gigabytes in size.”

Lookout experts said that CoinKrypt is quire a basic program and does not include a feature that is native to other mining software, which controls the rate at which coins are mined in order to preserve the hardware from damage. This explains why the attackers are staying away from mining Bitcoins, which despite being far more valuable, are much more difficult to mine, and unlike targeting Litecoin, Dogecoin and Casinocoin “might yield more coins with less work.”

Bitcoin is the most prominent form of crypto-currency. Litecoin is a less valuable, more user-friendly version of the same idea, while Dogecoin started as a joke about a popular Internet meme involving a Shiba Inu dog and evolved into something approximating a legitimate form of currency.

“With the price of a single Bitcoin at $650 and other newer currencies such as Litecoin approaching $20 for a single coin we are in the middle of a digital gold rush. CoinKrypt is the digital equivalent of a claim jumper,” he wrote.

“[A]s these digital currencies continue to grow, we predict that the number of new malware families targeting them will also continue to grow as malware authors experiment with various different strategies in their desire to cash in.”

Recently, researchers at G Data Software, as well as at Trend Micro discovered mining software in a form of repacked copies of popular apps such as Football Manager Handheld and TuneIn Radio. The apps were injected with the CPU mining code from a legitimate Android cryptocurrency mining app that is based on the well-known cpuminer software. The Trojan, dubbed MuchSad, mines Dogecoin in addition to serving streaming radio to the user, reports Threat Post.

“Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats,” blogged Trend Micro Mobile Threats Analyst Veo Zhang. “Also, just because an app has been downloaded from an app store – even Google Play – does not mean it is safe.”

Share this article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.