Android app by Indian developer caught mining bitcoins

Songs, an app probably used by a few million Indian Android users, was among the two apps recently caught covertly using smartphones for mining bitcoins and dogecoins. Security researchers at Trend Micro, a company that makes antivirus and other security applications, recently wrote in a blog that 'Songs' and 'Prized - Real Rewards & Prizes' were using smartphones to covertly mine for virtual currency. Mining virtual currency like bitcoin or dogecoin requires lots of computing power. If an app uses a smartphone to mine virtual currency, the process is likely to keep the processor running at 100%, resulting in poor battery life and heating of the device.
Trend Micro said the apps being used for bitcoin and dogecoin mining were injected with ANDROIDOS_KAGECOIN, a malware. "(Some) coin mining apps were found outside of the Google Play Store, but we have found the same behaviour in apps (Songs and Prized) inside the Google Play Store. These apps have been downloaded by millions of users, which means that there may be many Android devices out there being used to mine cryptocurrency for cybercriminals," a Veo Zhang, a mobile threat analyst with Trend Micro wrote in the blog.

"Analyzing the code of these apps reveal the cryptocurrency mining code inside. Unlike the other malicious apps, in these cases the mining only occurs when the device is charging, as the increased energy usage won't be noticed as much."

After the Trend Micro blog post, Prized and Songs were removed from the Play Store by Google.

Of the two, Songs was more popular. It was downloaded five to 10 million times and had a rating of 4 stars. Songs claimed to give users free access to Bollywood and songs in regional languages like Punjabi and Tamil.

On the Play Store, clicking on the developer's website specified in the description page of Songs let to an error. While the developer was listed as "Da Xpert" for the app, the email address of the app hinted it was created by one Mukesh Verma. TOI wrote to the specified email address, seeking response on the Trend Micro report, but did not receive any reply.

Trend Micro said that it believed "with thousands of affected devices, cybercriminal accumulated a great deal of dogecoins."

"Reading the app description and terms and conditions on the websites of these apps, users may not know that their devices may potentially be used as mining devices due to the murky language and vague terminology," wrote Zhang.

"Users with phones and tablets that are suddenly charging slowly, running hot, or quickly running out of batteries may want to consider if they have been exposed to this or similar threats," Zhang advised Android users.