Irina Novoselsky, CEO of CareerBuilder, suggests that people in cryptocurrency trading find a “sideline” that keeps them from getting back to work.

Security researchers have identified over 170 Android apps that scam cryptocurrency miners.

The apps were designed solely to steal money from people mining cryptocurrencies, said security researchers at Lookout Threat Lab, a cloud security company.

The apps cheated on more than 93,000 people and stole at least $ 350,000 between users who paid for apps and bought additional fake upgrades and services, said the researchers, who divided the apps into two families called “BitScam” and “CloudScam” .

Security researchers have identified over 170 Android apps that scam cryptocurrency miners. (iStock)

“What made it possible [these apps] Flying under the radar means they’re not doing anything really malicious. In fact, they do next to nothing. They’re just clams to raise money for services that don’t exist, ”the researchers said in a report.

And the development of crypto mining is making fraud easier.

Cryptocurrency mining uses the processing power of computers to solve complex math problems that verify cryptocurrency transactions. Miners are then usually rewarded with a small amount of cryptocurrency.


By and large, there are two mining strategies. One of these are mining pools, where individuals can contribute computing power to obtain cryptocurrency. Cloud mining is the further development of mining pools. In this case, cloud miners rent cloud computing power – similar to cloud computing.

“Cloud mining harbors both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it’s quick and easy to set up a realistic looking crypto mining service that is really a scam, ”the researchers said.

How the scams work

Most of the fraudulent apps were paid for so the scammers could pocket the money from the app sales. The apps also offered subscriptions and services that users could pay for through Google Play’s in-app billing system.

Upon logging in, a user would see an activity dashboard showing the available hash mining rate – the amount of computing power that mining brings into the network – as well as the number of coins they have “earned”. The hash rate would usually be very low to encourage users to buy upgrades that promise faster mining rates.

“After analyzing the code and the network traffic, we found that the apps show a fictional coin level and not the number of coins mined. The displayed value is simply a counter that is slowly incremented in the app, ”said the researchers.

BitScam-style scams give users the option to purchase “virtual hardware” to increase the rate of mining. Virtual hardware costs between $ 12.99 and $ 259.99 and can be purchased through either Google Play or Bitcoin and / or Ethereum.


Apps were also designed so that users were not allowed to “withdraw” coins until they reached a minimum balance. And even if a minimum balance was reached, users could not withdraw coins, the researchers said.

“The app would display a message telling the user that the withdrawal transaction is pending, but behind the scenes it would simply reset the user’s coin balance to zero without transferring any money to the user.”

While the apps have now been removed from Google Play, dozens more are still circulating in third-party app stores, the researchers said.

“The scammers who operate this scheme were able to take advantage of the existing frenzy of the hot cryptocurrency market,” the report said.