Threat Research

Fortinet Discovers New Android Apps that Mine the Unminable

By Axelle Apvrille | October 11, 2018

Cryptocurrencies don't all work the same way. Some are minable, some aren't. For example, Ripple (XRP), Cardano (ADA) and Tether (USDT) aren't minable.

Despite this fact, several applications pose as miners for those currencies on Android ;) Do not be fooled, they are all malicious, if not scams.

It's not the first time that researchers have spotted such miners on Android marketplaces: Lukas Stefanko already noticed some in February. However, the samples below are new and are believed to have been hiding under the radar since May 2018.

A collection of fake miners created by developer 'lovecoin'. You'll notice some of them claim to mine Ripple, Cardano and Tether...

Fake Mining

The app displays a (fake) miner as below.

App claims you start mining Ripple by pressing the Start button...This is impossible.

But check the code: the mining speed is generated randomly.

  • A new thread is created
  • The mining speed is absolutely fake. The digit before and after the comma are random.
  • The random numbers are displayed (setText)
  • There is no mining at all... (and for Ripple, it's impossible by design anyway) 

Withdraw Currencies

The app has a menu, and one of the possible choices is "Withdraw" to presumably collect your mined currencies. At this point, you probably won't be surprised that this withdrawal will not succeed.

To the question "Are you want to Withdraw now?" (English as in code...), there are only two alternatives:

  1. Yes. Then, the application complains your wallet address is incorrect. Too bad ;-)
  2. No. Closes the window.

So, in all cases, you won't be able to withdraw.

What's Their Business?

As far as we know, the only business around those applications is for their author to display ads and collect revenue:

So, basically, the idea is to fool the end-user in downloading an adware.

Protection

Fortinet customers are protected from these scams, detected as Riskware/FakeMiner!Android.

-- the Crypto Girl

IOC

Unminable:

  • 9ccfc1c9de7934b6f1c958d73f8e0b969495fce171e48d642ec4c5bad3dc44cb
  • 8890366fc67c5a896d7494b3de3cf87debe0d0f96548cec9f81d072e3442716b
  • 4a67d5c5bf0e1dba3d215c15e95ce1bdbd2f9fca4e103a0e702161d6efc3aae6

Fake miners of the same family:

  • 0a25f286986149202eda1fdb336f80a6a035d0966a785573e676217151b7ccba
  • 7054160813fddd4a94e393eba4764cda356e631f229f69a062e5a34ec39e1cb4
  • 074c93f24e9de178a4af73e69d26c1da06a29be0c6a4b0f8893b27add7ce47fe
  • 7403ab326a6afdb07a5e717792bf9dfea09303f044f1fdadea86c6b3a81f5030
  • a2ecfd59b8fdec7eb5d5a139bae77815c25ed347e05d57de9847210acce5d4f6
  • c06815b3e2c10d5bbb4a7aa1a15bad00eb79d012e5bb5a1a37d24c68eda1818b 

 

Download our latest Fortinet Global Threat Landscape Report to find out more detail about recent threat landscape trends.

Sign up for our weekly FortiGuard Threat Brief.

Know your vulnerabilities – get the facts about your network security. A Fortinet Cyber Threat Assessment can help you better understand: Security and Threat Prevention, User Productivity, and Network Utilization and Performance.