Cybersecurity researchers have discovered a major cryptomining scam, perpetrated via hundreds of Android apps.
Unraveled by the Lookout Threat Lab, the scam tricked over 86,000 people into thinking they are paying for cloud cryptomining services.
The researchers argue that the apps, some of which were listed on the Google Play store, weren’t flagged since they don’t actually appear to do anything malicious.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception,” said Ioannis Gasparis, a mobile application security researcher at Lookout.
Caveat emptor
In their breakdown of the scam, Lookout notes that all the scam apps can broadly be classified into two distinct app families, namely BitScam and CloudScam.
The BitScam and CloudScam apps advertise themselves as providing cloud cryptocurrency mining services for a fee.
The majority of BitScam and CloudScam apps were paid apps, and furthermore also offered paid subscriptions and commercial services related to crypto mining.
After carefully analyzing the apps, the Lookout researchers found that no cloud crypto mining actually takes place, and the scammers simply pocketed the money their victims spent on the apps and paid upgrades, with over $350,000 thought to have been generated.
In all, Lookout identified more than 170 apps. While a majority of these were sideloaded from third-party app stores, 26 were available for download on Google Play, but have now been removed.
