This story is over 5 years old.


20 Percent of Mobile Cryptocurrency Malware Attacks Are In the US

And infection rates could rise.
Image: Flickr/Mike MacKenzie

As the value of cryptocurrencies continues to rise, criminals are finding ways to get some digital money while offloading the expense to unsuspecting victims. The latest tactic: tricking Android users into downloading legitimate-looking apps that are packed with code that “mines” digital currencies for a hacker without their knowledge.

“With mining, it’s kind of like letting a stranger live in a van across the street and have access to your internet connection and your power subscription,” said James Nguyen, mobile product manager for cybersecurity firm Symantec, over the phone.


Trend Micro, another infosec firm, reported last week that mining malware masquerading as religious apps and more litter the Google Play store for Android devices. According to Symantec, the problem might get worse soon if criminals realize they can make a buck.

Read More: A 'Fortnite' Cheat Maker Duped Players Into Downloading a Bitcoin Miner

These attacks are already happening in North America. According to data from Norton Mobile Insights—Symantec’s mobile security wing—that the company shared with Motherboard, half of mobile cryptocurrency mining malware attacks are in Russia, and 20 percent are in the US. The rest are targeted in Ukraine and Belarus. “In the grand scheme of things, crypto mining malware is a low number (fraction of a percent [of all mobile malware]),” the company stated. “But if it proves to be lucrative to the developers, that number could rise.”

A recent spate of text message phishing attacks in Australia that tried to convince victims to download cryptocurrency mining malware to their phones may have been “a sign of susceptibility testing,” Norton said.

One example of mobile cryptocurrency mining malware that Symantec sent Motherboard appeared to be a fully-functioning crossword puzzle game, but in the background it was mining cryptocurrencies.

“An app can run completely silently, and there might not even be an interface or an icon,” Symantec’s Nguyen said over the phone. “It can run in the background and keep mining. It’s going to have high battery drain, and your device is going to be less responsive.”

Mining cryptocurrencies with malware was a thing around 2014, and mobile malware was also a trend in that year. Rising mining difficulty was thought to have made this attack obsolete since then due to the low processing power in phones, but skyrocketing values—Bitcoin went from around $2,000 USD per coin to nearly $8,000 per coin in about six months—seem to have made it an attractive proposition once more.

Its “making a comeback in 2017,” Norton told Motherboard.

Get six of our favorite Motherboard stories every day by signing up for our newsletter .