In a report that has the Android emulator community in an uproar, popular Android emulator Andy OS has been accused of installing malware that utilizes a host computer's graphics processing unit (GPU) to endlessly mine cryptocurrency. This follows news that some Asian Android phones were targeted by malware in February.
A Reddit user reported that, after noticing odd GPU stats on their gaming rig, they discovered a secret cryptocurrency mining program that had been included automatically when Andy was installed:
"I noticed that in every single game I played I suffered major [frames per second] drops at seemingly random times. I checked my GPU usage and temps and noticed they were working at roughly 80% load and 80+ degrees C whilst gaming. Very unusual for my setup. I opened task manager and sorted it via what was using the most GPU power and found a process named 'updater.exe'. After further inspection I noticed that this installed along with Andy."
The redditor then wrote that they created a YouTube video, published June 18, to support the accusation. Every version of Andy that is currently available was downloaded to show that the suspect program, "updater.exe," is installed automatically. The user also included instructions for removing the miner. The user says that they were removed from Andy's Facebook group, and that Andy is accusing them of using a faulty installation package.
This reflects a global rise in malware miners, a practice known as cryptojacking. The 2017 speculation-driven spike in bitcoin prices led to a rise in mining activity. For some, the way around the expense of setting up mining servers and paying skyrocketing electricity costs was to pass the cost on to unsuspecting victims.
"Cyber criminals use coinminers to steal victims' computer processing power and cloud CPU usage to mine cryptocurrencies," cyber protection firm Symantec wrote in its 2017 threat assessment report. "The barrier to entry for coin mining is pretty low – potentially only requiring a couple of lines of code to operate – and coin mining can allow criminals to fly under the radar in a way that is not possible with other types of cyber crime." The report went on to say:
"Victims may not even realize a coinminer is slurping their computer's power as the only impact may be a slowdown of their device that they could easily attribute to something else. However, coin mining on a device could potentially cause batteries to overheat and devices to become unusable."
Symantec found a 600 percent increase in cryptojacking attempts from 2016 to 2017.
"To date, the popularity of malicious cryptocurrency mining activity continues to skyrocket," Grunzweig wrote. "It is clear that such activities have been incredibly profitable for individuals or groups who have mined cryptocurrency using malicious techniques for a long period of time."
"Cryptojacking scams have continued to evolve, and they don't even need you to install anything," Jason Adler, assistant director of the Midwest Region of the FTC, wrote. "Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device's processor without you even knowing. You might make an unlucky visit to a website that uses cryptojacking code, click a link in a phishing email, or mistype a web address. Any of those could lead to cryptojacking."
"While the scammer cashes out, your device may slow down, burn through battery power, or crash."