• Plus500

BadLepricon Discovered on Google Play Reminds us of the Real Threat

By Nitesh Bualang
In Bitcoin
Apr 25th, 2014

BadLepricon, a bicoin-mining malware, Forces Google to pull down Five Wallpaper apps

Yesterday, Lookout Researchers posted in their blog that they discovered five wallpaper apps in the Google Play Marketplace that have hidden BadLepricon, a malware which exploit users’ gadgets to mine bitcoins. The malware turns the phone into bots for the rather computationally intensive process, but it only works when the battery is over 50% full.  Lookout, a mobile security firm, alerted Google which immediately pull down the five wallpaper apps.

Until BadLepricon discovery, 100-500 downloads of the wallpapers were registered.

How BadLepricon Works

BadLepricon, bitcoin attack, bitcoin mining

Malware BadLepricon Secretly Mining-Bitcoin

According to Lookout, once the wallpaper app has been downloaded and installed in the device, BadLepricon sneaks to check the battery level, internet connectivity and phone display activity every 5 seconds. If the battery level is over 50%, the display is off and the internet connection is on, the malware turns the phone into a bot. Through a WakeLock feature, the device remains active even when you think it is in sleep mode.

The sturdily programmed bitcoin-mining malware is able to be manipulated by its author to change the mining pools and determine the bitcoin wallet that receives the mined digital currency, while maintaining the anonymity of its author. The malware also uses a feature called a WakeLock to prevent the device from going to sleep even if the display is turned off.

The bitcoin-mining is an arduous computational process that uses a great deal of power and processor memory, and if not checked can heat and burn out the gadget. As said by Meghan Kelly of Lookout, this is why the malware checks the phone display activity and power level before engaging the phone in the mining process. So whoever designed the malware knew exactly what he/she was doing!

About the wallpaper Apps

The wallpaper apps, which concealed the bitcoin-mining malware, were meant to provide live wallpapers. They actually do this, but if the aforementioned conditions are met, the apps secretly mine bitcoins.

Cryptocoins Mining Malware is a Real Challenge

This is not the first time bitcoin-mining malware is found in Google Play. Just a couple of weeks ago, Trend Micro antivirus providers, reported a crypto-currency mining app in the marketplace. It is obvious that hackers are trying to take advantage of powerful hand-devices to mine digital currencies. Their targets are mostly powerful smartphones and tablets.

Earlier, most cryptocurrency malware programs targeted wallets. This seems to have changed with powerful computer systems possessing mining capabilities, being the primary targets.  In a case of such attack, Iowa State University announced that its servers had been compromised by malware designed to mine bitcoins. Also last year, German police arrested a couple suspected of using a similar trick to mine bitcoins worth €700,000.


Michael Bentley, the head of the team that discovered BadLepricon, believes that attacks on mobile devices do not produce adequate hashing power to solve a bitcoin block.

However, going by the latest development and report from studies conducted by Kapersky Labs, it is obvious that more attacks are expected. Since the mobile gadgets become more powerful each day, more programs such as BadLepricon should be expected in the future.



Comments are closed.