A piece of malware dubbed “BadLepricon” has been discovered hiding in several apps on Google Play. This malware, hidden in wallpaper apps, would covertly use the smartphone’s processor to mine Bitcoin for its creators. These apps were downloaded between 100 and 500 times, giving the attackers with a reasonably large pool of phones to do their mining.
Mining cryptocurrency using a smartphone is highly inefficient, and the owner usually notices something wrong when the battery drains very quickly. Bitcoin is particularly difficult to obtain these days, as mobile security provider Lookout mentions in their blogpost about BadLepricon. This has not deterred the creators of the malware, and they have even designed the malicious software to only operate while the battery level was about 50 percent.
BadLepricon also uses a stratum mining proxy, which allows its controller to switch mining pools or change the wallet associated with the mining operation. All this makes it a very carefully planned piece of malware that was potentially meant to remain hidden for a very long time.