Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity.
They may have been removed, but researchers at Trend Micro noted that upon searching the keywords “cloud mining” on Google Play, several concerning applications of the same type remain in place.
These fake Android apps target those interested in earning virtual coins by urging them to invest money into a cloud-mining operation. All eight recently removed apps turned out to harbor one of two malwares, detected as FakeMinerPay and FakeMinerAd.
“We discovered that these malicious apps only trick victims into watching ads, paying for subscription services that have an average monthly fee of $15, and paying for increased mining capabilities without getting anything in return,” according to Cifer Fang, a researcher at Trend Micro, in a posting on Wednesday.
The bogus ads were:
- BitFunds – Crypto Cloud Mining
- Bitcoin Miner – Cloud Mining
- Bitcoin (BTC) – Pool Mining Cloud Wallet
- Crypto Holic – Bitcoin Cloud Mining
- Daily Bitcoin Rewards – Cloud Based Mining System
- Bitcoin 2021
- MineBit Pro – Crypto Cloud Mining & btc miner
- Ethereum (ETH) – Pool Mining Cloud
Some of these, like BitFunds, have been downloaded more than 100,000 times, Fang said, meaning that victims could continue to be dragged in. Also, two of the apps added insult to injury by requiring users to purchase them, researchers found: Crypto Holic – Bitcoin Cloud Mining costs $12.99 to download, while Daily Bitcoin Rewards – Cloud Based Mining System cost $5.99.
No Real Cryptomining Capability
Trend Micro’s analysis showed that no actual mining activity was carried out by the apps – rather, “fake mining activity on the apps’ user interface (UI) is carried out via a local mining simulation module that includes a counter and some random functions.”
Nonetheless, the apps persist in their ruse, prompting users to pay in-app for supposedly increased cryptocurrency-mining capabilities – a “service” that ranges from $14.99 to as high as $189.99.
“The app called Daily Bitcoin Rewards – Cloud Based Mining System prompts its users to upgrade their cryptomining capacity by ‘buying’ their favorite mining machines to earn more coins at a faster rate,” Fang noted.
Fake Ad Clicks
Trend Micro’s investigation also found that two of the fake cryptomining applications (Bitcoin [BTC] – Pool Mining Cloud Wallet and Bitcoin 2021) flooded its users with ads, with a primary goal of getting victims to click.
“Users are prompted to click on ads during fraudulent cryptomining activities to prove that users are not robots,” Fang explained. “Users are informed that they can start mining after viewing video ads within the app. [Also] users are informed to watch in-app video ads to increase mining speed.”
Meanwhile, users are prompted to invite several friends to download the “withdrawal interface.” However, the analysis showed that in all cases, victims fail to earn revenue, since it’s all a sham.
These cryptominers are becoming more and more common. A passel of them were recently spotted by Lookout, for instance, and Fang said that Trend Micro spotted at least 150 across not only Google Play but third-party markets as well.
How to Spot a Fake Cryptominer
Trend Micro advocates the following steps to weed out fake apps like these:
- Carefully read the app’s reviews. Fake apps will receive numerous 5-star reviews – pay more attention to 1-star reviews.
- Try to enter an invalid or wrong cryptocurrency wallet address – with no actual mining going on, a fake app isn’t going to require/check for a real wallet.
- Restart the app or phone while it is in the process of mining – if the “coin counter” resets to zero, it’s a fake.
- Confirm if there is a withdrawal fee – real transfers of cryptocurrency require handling fees, meaning that free withdrawals are very suspicious.
Check out our free upcoming live and on-demand webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community.