Using distributed computing power to solve massive problems is nothing new. Initially released in 1999, SETI@home uses the computing power of hundreds of thousands of devices to analyze radio signals in search of extraterrestrial life, according to NASA. With that in mind, it should come as no surprise that the less scrupulous have found a way to exploit this tool for personal gain.
Enter BadLepricon
In an April 24 blog post, security firm Lookout reported that it had discovered a piece of mobile malware in the Google Play store, dubbed ‘BadLepricon’, that used the processing power of inactive phones to mine bitcoin. The authors of the blog post emphasized that the misspelling of the word ‘leprechaun’ was the malware authors’, and not their own.
According to Lookout, the malware was disguised in wallpaper apps that varied in theme from “attractive men” to “epic smoke” to “anime girls.” While the apps did provide the service that they advertised, they also checked the phone every five seconds for battery level, wi-fi connectivity and whether the display was off. When the phone was above 50 percent battery level, connected to a network and not using its display, the malware used the phone’s computing power to work with the few thousand other infected phones to mine.
Michael Bentley, head of the research and response team at Lookout, told CoinDesk that the reason that the malware checked battery life was actually to protect the phones, as mining software can damage or quickly wear out a mobile device without this protection.
“When [malware authors] are looking into protecting the phone, making sure certain conditions exist, and making sure you’re participating in a pool, it tells us that they are a more experienced developer,” Bentley told the news source.
Technology still not quite there
The five apps each had between 100 and 500 installs at the time of their removal, Lookout explained. While this comes out to a sizable number of devices, there was likely little real financial benefit had by the authors, as the difficulty of making a bitcoin continues to increase. The security firm cited a recent experiment using 600 quadcore servers, which only managed to generate a total of 0.4 bitcoins over the course of a year.
“As cellphone power increases, and as devices are [more] available, it’s a logical next step,” Bentley told CoinBase. It’s just not there yet.
BadLepricon is only the most recent piece of malware discovered on the Google Play store designed to mine crypto-currency, according to the news source. Earlier this year, two apps were discovered that used mobile devices to mine dogecoin and litecoin – presumably because of the greater ease of mining the latter two currencies.
This particular use of distributed computing was clearly exploitative, but there is a silver lining. Organizations like MineAid International, which recently completed a test run, aim to use distributed computing power to mine bitcoin for charity.
