Crypto header

Scammers are creating fake Android cryptocurrency mining apps and promoting them on the Google Store. The kicker is that these apps claim to mine cryptocurrency that can't be mined in the first place.

Fortinet discovered these apps on the Google Play Store when they saw that the apps were being promoted as miners for Ripple (XRP), Cardano (ADA), and Tether. As these are cryptocurrencies that are not possible to mine, the apps only pretend to mine and instead display advertisements

For example, in the Ripple miner shown below, users can click on the Start button and supposedly mine for the Ripple cryptocurrency. While running, it will even show hash speeds and the slow increase of mined coins.

In reality, though, the code for the app shows that the fake mining hash rates are completely random and are not actually mining anything. Furthermore when users try to withdraw their supposedly mined coins, the app is coded to automatically display an error stating "Error! Check your wallet address".

Code that gives an error on withdrawal
Code that gives an error on withdrawal

As these apps are not actually mining anything, you may be wondering why they were even created? According to Fortinet, the answer is to display advertisements. By enticing you to earn money by mining cryptocurrency, they are hoping that you will keep the app open so that it can display advertisements and generate revenue.

Code to display an interstitial ad
Code to display an interstitial ad

Ultimately, scam apps are created to do one thing; to make money for the developer.  Unfortunately, with the poor quality control in the Google Play Store, we are constantly seeing reports of Android apps performing malicious activities such as performing hidden mining, stealing banking credentials, and spying on user's activities.

ESET discovered similar apps in the past

These types of apps are not new. In the past, ESET researcher Lukas Stefanko had reported about finding apps that performed similar adware behavior, performed cryptojacking, or tried to steal coins from user's wallets.

When BleepingComputer asked Stefanko if he felt that these types of malicious or scam mining apps are increasing, he stated that he felt they follow the ebbs and flows of the cryptocurrency market.  When the prices of cryptocurrency are increasing, so are the amount of scam apps that try to capitalize on the increased hype.

"These fake apps are not as popular as in the end of 2017 or January 2018 - based on what I see they copy trend of Bitcoin price," Stefanko told BleepingComputer. "If it is more profitable for the attacker then they create more apps - because actual price hype and people want to quickly "get in"."

With this said, be sure to do your research and read the reviews of any mining apps you install on Android. Otherwise, you may get more than you expected.

Related Articles:

Fake Elon Musk Twitter Bitcoin Scam Earned 180K in One Day

The Few Privileged North Koreans Are Savvy Scammers

Fraudster Targets Cryptocurrency Wallets with a Variety of Info Stealers

Google’s Android Apps Are No Longer Free for European Smartphone Makers

Ad Clicker Hiding as Google Photos App Found in Microsoft Store