Google recently removed five bogus wallpaper apps from its Play marketplace after they were deemed malicious and found sneakily mining Bitcoins.

The malware, dubbed BadLepricon, was spotted funneling Bitcoin into wallets and allowed the attacker to change mining pools easily to maximize the mining output of infected devices.

BadLepricon used a stratum mining proxy which not only let the attacker diversify their attack vector, but also reduce network loads and improve performance on slow or faulty networks.

According to the mobile security firm Lookout, which blogged about the malware late last week, each application had been installed between 100-500 times before it they were removed.

According to researchers the apps, which carried generic names like “Beating Heart Live Wallpaper” and “Epic Smoke Live Wallpaper,” did what they said they would: They supplied live wallpaper for Android phones.

Every five seconds however, the apps apparently entered an infinite loop where the malware checked the phone’s battery level, connectivity, and whether or not its display was on. If the battery level was above 50 percent, the display was shut off and the phone was connected to the internet, it proceeded to stealthily mine Bitcoins.

Naturally, there was no mention about how users’ devices would be used as a satellite for Bitcoin mining in the app’s terms of service.

The malware is similar to another form of malware CoinKrypt, discovered last month that mined phones for Bitcoin alternatives like Litecoin, Dogecoin and Casinocoin. Unlike BadLepricon, CoinKrypt nearly drove phones into the ground, electing not to carry out any of the safety checks that BadLepricon conducted and operated until it ran down the device’s battery.

In a report published earlier this month, Kaspersky Lab disclosed it discovered close to 6 million detections of Bitcoin-related malware, capable of stealing data from encrypted wallets, in 2013 but these days those simply trying to mine Bitcoin on desktop computers are facing an uphill battle.

A study conducted by the backup utility iDrive in February discovered that even running 600 quad-core servers for a year would only earn about .43 Bitcoin (BTC), or about $275, hardly a rational payoff.

With the crypto-currency’s popularity reaching a fever pitch over the last year, it’s grown incredibly difficult to just mine Bitcoin, prompting money-hungry attackers to seek mining alternatives.

And while it’s too early for attackers to rely on mobile devices to mine Bitcoin for profit—their hashing power is too insufficient—it isn’t stopping them from trying.

Categories: Malware, Mobile Security