Categories: Malware

Coinkrypt Android malware used to mine digital currencies

Experts at Lookout Mobile Security have discovered that cyber criminals are spreading Coinkrypt malware to use victim’s mobile to mine digital currencies.

Security experts at Lookout Mobile Security firm have discovered that cyber criminals are adopting Coinkrypt malware to use victim’s mobile phone to mine digital currencies.

In many cases we discussed of the raise for criminal activities that targeted Google Android users, we saw mobile Rat like Dendroid and spear phishing campaigns, like the one discovered by

FireEye experts, which were based on a common Winspy RAT that was adapted to hit Android devices.

Cyber criminals are orienting their profitable activities on the exploitation of mobile platforms adapting the principal monetization techniques.

Security experts at Lookout Mobile Security firm have made a worrying discovery, cyber criminals are using the victim’s mobile phone to mine digital currencies. The researchers have found various malicious Android applications deployed on the official Google Play Store which include with the Coinkrypt android malware. The malicious code is served by criminals to turn the victim’s handset into crypto currency miners.

The attackers used the Coinkrypt to recruit bot to compose a crypto currency mobile botnet, the specific malware is designed exclusively to mine Bitcoin and also less popular coins like Litecoin and Dogecoin.

“We recently saw several versions of this malware family we call CoinKrypt, which is designed to hijack your phone in order to use it to mine digital currency for somebody else.”

“While it doesn’t steal any information from your phone, mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out.”

Currently, detection levels for CoinKrypt malware is very low, its distribution appears to be primarily through Spanish underground forums while most of the detections are in France.

The malware is considered too noisy, its presence on the Android presence cause the rapid consumption for battery charge. Another side effect is that CoinKrypt might suck up user’s data plan by periodically downloading the block chain, or a copy of the currency transaction history, a total amount of data of several gigabytes.

Unfortunately the case is not isolated, the colleagues at TheHackerNews listed another couple of cases spotted by experts at Trend Micro security firm. The two apps named ‘Songs‘ and ‘Prized – Real Rewards and Prizes‘ were both deployed on Google Play store infecting more thank one million of devices with ANDROIDOS_KAGECOIN.HBT Dogecoin mining malware.

Security experts remarked that cyber criminals are more oriented to mine Dogecoin or Litecoin because they are both crypto-currencies that don’t need great computational capabilities for mining.

“The difficulty for Bitcoin is so tough right now that a recent mining experiment using 600 quadcore servers was only able to generate 0.4 bit coins.” stated the post.

To avoid crypto-currency mining malware avoid to install applications from third-party stores and be aware of suspicious behaviors of mobile device.

Pierluigi Paganini

(Security Affairs – crypto-currency mining malware,CoinKrypt )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.