Security Intelligence
Fake Cryptomining Apps Stole Over $350K From Android Users
Cryptomining has become a lucrative industry, growing more and more mainstream. Now, attackers are trying to grab a bit of that cash with apps that claim to automate it. But when downloaded, the apps don’t do anything except take your money.
Lookout found that a total of 172 apps, including 25 on Google Play, promised users cloud-based cryptomining services for a fee. In truth, those apps never delivered those services.
Take a look at how these apps succeeded in stealing over $350,000 from nearly 100,000 victims.
Inside the BitScam and CloudScam Apps
Lookout did a deep dive into two types of apps, which they sorted into the BitScam and CloudScam families. All of these apps shared a similar code base and design despite advertising different cryptomining operations.
“They are simply shells to collect money for services that don’t exist,” Lookout reported.
Lookout’s researchers observed that whoever had created the BitScam apps had done so using a framework that didn’t require programming experience. Both apps asked users to use Google Play’s in-app billing system to purchase cryptomining subscriptions and