ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Tuesday Dec 11th 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Allegations Against Popular Android Emulator Shows Rising Threat of ‘Cryptojacking’

By

Frederick

Reese

WriterETHNews.com

Accusations against Android emulator Andy OS of surreptitiously installing a cryptocurrency miner on unsuspecting users’ computers reflect rising cases of malware mining, or cryptojacking.

In a report that has the Android emulator community in an uproar, popular Android emulator Andy OS has been accused of installing malware that utilizes a host computer's graphics processing unit (GPU) to endlessly mine cryptocurrency. This follows news that some Asian Android phones were targeted by malware in February.

A reddit user indicated that – after noticing odd GPU stats on their gaming rig – a secret cryptocurrency mining program was discovered that had automatically been included when Andy was installed:

"I noticed that in every single game I played I suffered major [frames per second] drops at seemingly random times. I checked my GPU usage and temps and noticed they were working at roughly 80% load and 80+ degrees C whilst gaming. Very unusual for my setup. I opened task manager and sorted it via what was using the most GPU power and found a process named 'updater.exe'. After further inspection I noticed that this installed along with Andy."

The redditor then wrote that they created a YouTube video, published June 18, to support the accusation. Every version of Andy that is currently available was downloaded to show that the suspect program, "updater.exe," is installed automatically. The user included instructions for the removal of the miner. The user says that they were removed from Andy's Facebook group, and Andy is accusing them of utilizing a faulty installation package.

This reflects a rise in malware miners, or cryptojacking, globally. The 2017 speculation-driven spike in bitcoin prices led to a rise in mining activity. For some, the way around the expense of setting up mining servers and paying skyrocketing electricity costs was to pass the cost on.

"Cyber criminals use coinminers to steal victims' computer processing power and cloud CPU usage to mine cryptocurrencies," cyber protection firm Symantec wrote in its 2017 threat assessment report. "The barrier to entry for coin mining is pretty low – potentially only requiring a couple of lines of code to operate – and coin mining can allow criminals to fly under the radar in a way that is not possible with other types of cyber crime." The report went on to say:

"Victims may not even realize a coinminer is slurping their computer's power as the only impact may be a slowdown of their device that they could easily attribute to something else. However, coin mining on a device could potentially cause batteries to overheat and devices to become unusable."

Symantec found a 600 percent increase in cryptojacking attempts from 2016 to 2017.

While there are legitimate cloud mining services, illicit mining both off and on the cloud is on the rise. As of this February, for example, Bad Packets Report had discovered over 34,000 websites running clones of the JavaScript mining library Coinhive.

Security researcher Josh Grunzweig has studied the proliferation of non-JavaScript cryptojacking, as reported by eWeek. Grunzweig found not only that Monero (XMR) is the cryptocurrency most likely mined by this software, but also that the total mined by the top suspected mining pools equaled 798,613.33 XMR (approximately $100 million).

"To date, the popularity of malicious cryptocurrency mining activity continues to skyrocket," Grunzweig wrote. "It is clear that such activities have been incredibly profitable for individuals or groups who have mined cryptocurrency using malicious techniques for a long period of time."

"Cryptojacking scams have continued to evolve, and they don't even need you to install anything," Jason Adler, assistant director of the Midwest Region of the FTC, wrote. "Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device's processor without you even knowing. You might make an unlucky visit to a website that uses cryptojacking code, click a link in a phishing email, or mistype a web address. Any of those could lead to cryptojacking."

"While the scammer cashes out, your device may slow down, burn through battery power, or crash."


Frederick Reese

Frederick Reese is a politics and cryptocurrency reporter based in New York. He is also a former teacher, an early adopter of bitcoin and Litecoin, and an enthusiast of all things geeky and nerdy.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Malware, cryptojacking or other Ethereum technology news.