An­droid apps are vul­ner­a­ble to at­tacks, ex­perts warn

Daily Trust - - IT WORLD - By Zakariyya Adaramola, with agency re­ports

An­droid own­ers who find their bat­tery life fail­ing could have had their phones hi­jacked by hack­ers us­ing it to mine bit­coin, Se­cu­rity ex­perts have warned.

Most smart­phones are run on An­droid Op­er­at­ing Sys­tem (OS), mak­ing it the leading OS across the world.

But se­cu­rity ex­perts yes­ter­day said they have found ‘rogue’ apps that al­low hack­ers to mine for bit­coin in the An­droid back­ground.

Al­though Google has al­ready re­moved dozens of the apps, se­cu­rity firm Look­out warns there could be more out there.

Re­searchers say the key signs area rapidly de­plet­ing bat­tery and a hand­set that feels un­usu­ally warm.

They also ad­vised: Make sure the An­droid sys­tem set­ting ‘Un­known sources’ is unchecked to pre­vent dropped or drive-by­down­load app in­stalls.

Down­load a mo­bile se­cu­rity app that pro­tects against mal­ware as a first line of de­fense.

‘Your phone is run­ning low on bat­tery and it seems to be work­ing harder than usual. Would you ever sus­pect that it was se­cretly min­ing Bit­coin for some­one you don’t know?’ it said.

The firm yes­ter­day re­vealed it found a piece of mo­bile mal­ware in Google Play that qui­etly uses the phone’s pro­cess­ing power to cre­ate new coins.

‘We call it BadLepri­con,’ they said. ‘And yes, that is how the mal­ware au­thors spelled ‘leprechaun’. We hope they were go­ing for a clever play on the word ‘con’. The mal­ware comes in the form of a wall­pa­per app.’

Google re­moved five of these ap­pli­ca­tions af­ter we alerted them to the is­sue, but it is be­lieved the apps had be­tween 100-500 in­stalls each at the time of re­moval.

Look­out says bit­coin ‘rogue apps’ could be­come com­mon­place. ‘We ex­pect to see more mo­bile min­ers come to the fore­ground,’ the firm warned.

The warn­ing is the sec­ond over bit­coin apps that can in­stall them­selves on An­droid hand­sets.

Last month re­searchers dis­cov­ered CoinKrypt that fo­cused on coins such as Lite­coin, Do­ge­coin, and Casinocoin.

The people be­hind this mal­ware de­cided to go for these ‘low-hang­ing fruit’ coins be­cause you can ac­tu­ally mine more coins with less com­put­ing power.

How­ever, the re­searchers say both scams were un­likely to have made hack­ers much money.

‘A phone’s com­put­ing power doesn’t ac­tu­ally re­sult in that many coins,’ they said.

Newspapers in English

Newspapers from Nigeria

© PressReader. All rights reserved.