Google recently removed eight apps from the Play Store after researchers discovered they were posing as cryptocurrency cloud-mining software, and in reality tried to dupe users into making in-app purchases or clicking on mass ads.
Although the apps were removed from Google Play, researchers noted that many of the same issues remained unresolved.
“We discovered that these malicious apGoogle recently removed eight apps from the Play Store after researchers discovered they were posing as cryptocurrency cloud-mining software. ps only trick victims into watching ads, paying for subscription services that have an average monthly fee of $15, and paying for increased mining capabilities without getting anything in return,” according to Cifer Fang, a researcher at Trend Micro, in a post on Wednesday.
The bogus ads were:
- BitFunds – Crypto Cloud Mining
- Bitcoin Miner – Cloud Mining
- Bitcoin (BTC) – Pool Mining Cloud Wallet
- Crypto Holic – Bitcoin Cloud Mining
- Daily Bitcoin Rewards – Cloud Based Mining System
- Bitcoin 2021
- MineBit Pro – Crypto Cloud Mining & btc miner
- Ethereum (ETH) – Pool Mining Cloud
Some of these apps, like the Bitcoin Fund, have been downloaded over 100,000 times. Also, two of the apps required users to purchase them: Crypto Holic – Bitcoin Cloud Mining costs $12.99 to download and Daily Bitcoin Rewards – Cloud Based Mining System cost $5.99.
According to Trend Micro, no actual mining activity was carried out through installed apps. Nevertheless, some apps asked to perform upgrades for improved mining capabilities:
“The app called Daily Bitcoin Rewards – Cloud Based Mining System prompts its users to upgrade their cryptomining capacity by ‘buying’ their favorite mining machines to earn more coins at a faster rate,” Fang noted.
Other apps flooded users with ads with the goal of getting victims to click on an ad.
“Users are prompted to click on ads during fraudulent cryptomining activities to prove that users are not robots,” Fang explained. “Users are informed that they can start mining after viewing video ads within the app. [Also] users are informed to watch in-app video ads to increase mining speed.”
Trend Micro warned that though the fake apps have been removed, searching the keywords “cloud mining” on Google Play reveals several other applications of the same type that look suspicious and may be malicious.