Thousands of Android users scammed by fake cryptomining apps

There’s no AI for testing trust

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have discovered a majorcryptominingscam, perpetrated via hundreds ofAndroid apps.

Unraveled by the Lookout Threat Lab, the scam tricked over 86,000 people into thinking they are paying forcloud cryptominingservices.

The researchers argue that the apps, some of which were listed on theGoogle Play store, weren’t flagged since they don’t actually appear to do anything malicious.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

“They are simply shells set up to attract users caught up in thecryptocurrencycraze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception,” said Ioannis Gasparis, a mobile application security researcher at Lookout.

Caveat emptor

Caveat emptor

In theirbreakdown of the scam, Lookout notes that all the scam apps can broadly be classified into two distinct app families, namely BitScam and CloudScam.

The BitScam and CloudScam apps advertise themselves as providing cloud cryptocurrency mining services for a fee.

The majority of BitScam and CloudScam apps were paid apps, and furthermore also offered paid subscriptions and commercial services related to crypto mining.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

After carefully analyzing the apps, the Lookout researchers found that no cloud crypto mining actually takes place, and the scammers simply pocketed the money their victims spent on the apps and paid upgrades, with over $350,000 thought to have been generated.

In all, Lookout identified more than 170 apps. While a majority of these were sideloaded from third-party app stores, 26 were available for download on Google Play, but have now been removed.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere