Lookout Finds Bitcoin-Mining Malware Called ‘BadLepricon’ on Google Play

Lookout, a mobile security app, has recently discovered five wallpaper apps that carried bitcoin mining malware program BadLepricon.

Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins. Photo: Lookout

Researchers scouring the official Google Play market have unearthed more Android apps that surreptitiously abuse end-user devices to carry out the computationally intensive process of mining Bitcoins. Photo: Lookout

Lookout, a San Francisco-based mobile security app on Google Play, discovered a new type of bitcoin mining malware that uses mobile devices to create new coins. The malware, called “BadLepricon”, has a form of the wallpaper app. The mobile security firm found five different apps that carried BadLepricon. These apps were quickly removed by Google after Lookout alerted the company.

The five apps had between 100-500 downloads before their removal. Still, those, who installed Lookout app on their mobile devices, were protected from the malware.

Michael Bentley, a head of Lookout’s research and response team, described BadLepricon as a new sophisticated type of malware, which differs from this type of cyberattack. Bentley expects that BadLepricon authors will develop more mining malware programs in the future.

It is the second time in less than a month when a third party firm unearthed digital currency mining apps on the Google Play marketplace. About two weeks ago, Trend Micro researchers found two apps installed one million to five million times that created Litecoin and Dogecoin cryptocurrencies.

In order to control thousands of bots, malware developers can use a proxy to install one point of contact. BadLepricon includes a stratum mining proxy that makes it easier to control bitcoin wallets in an anonymous way. It also uses a feature known WakeLock to prevent phones from going to sleep even if the display is off.

BadLepricon is designed to maximize a number of bitcoins mined from a single device. The program works only when the battery is above 50% and the display is off. BadLepricon every five seconds checks the battery level and connectivity. This is done to protect the phone from heat damage, which is one of the main indicators that the device carries the malware. Otherwise, the miners can burn out the device by using too much processing power.

Lookout discovered another malware last month, called CoinKrypt, which was focused on mining coins like Dogecoin, Litecoin and Casinocoin. These currencies were used as they are easier to mine if compared to bitcoin. However, CoinKrypt did not use safety checks as BadLepricon did. Instead, the program severely used mobile devices.

In order to stay safe from the malware it is advised to ensure that the Android system setting “unknown sources” is unchecked to avoid drive-by-download installs.

Another way to defend yourself is to install a mobile security app like Lookout, which will protect a mobile device from the malware.

Share This article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.