While these apps were advertised as providing cloud cryptocurrency mining, Lookout’s analysis proved otherwise.
Security researchers at Lookout Threat Lab identified over 170 Android apps that scammed over 93,000 people and made $350,000 from users that bought additional fake upgrades and services. Of the 170, 25 were on Google Play, which have now been removed by Google.
While these apps were advertised as providing cloud cryptocurrency mining, Lookout’s analysis proved otherwise. Researchers classified these apps as BitScam and CloudScam; both use a similar business model.
Lookout explained that unlike most malware execute codes that performs some clearly malicious activity, BitScam and CloudScam apps don’t do anything malicious. They just collect money for services that don’t exist, making them fly under the radar.
BitScam apps were created using a framework that doesn’t require programming experience, and a majority of BitScam and CloudScam apps are paid. These apps offer paid crypto mining service that lets users pay via Google Play’s in-app billing system, Bitcoin and Ethereum.
When a user logged into the app, they were shown an activity dashboard that displays available hash mining rate and the number of coins they have earned.
The hash rate displayed was kept very low in order to lure user into buying upgrades that promise faster mining rates. If cloud mining takes place, the coin amount displayed is stored in a secure cloud database and queried via an API. But these apps displayed a fictitious coin balance, not the number of coins mined.
Lookout pointed that these apps were designed to not allow users to withdraw coins until a minimum balance is reached. And even when someone achieved minimum balance they wouldn’t be able to withdraw as the app would display a message telling users the withdrawal transaction is pending. Then it would reset user’s coin balance amount to zero without transferring any money to the user.
Some apps reset users’ coin balance frequently to prevent them from reaching the minimum balance. The reset took place when the mobile device reboots, a user logged out or the app crashed.
Lookout adviced users to know the developers behind the app and install from an official app store before signing in. It urged users to read the terms and conditions, other user reviews and understand the permissions and activities of the app.