False crypto-mining apps plague Google Play

Google has removed eight apps from its app store that claimed to be mining apps for cryptocurrency.

Researchers at Trend Micro said they found the fake apps masquerading as cryptocurrency cloud-mining applications. Users were fooled into believing the apps would earn them cryptocurrency by investing money into a cloud-mining operation.

Upon further investigation, researchers found that these malicious apps only tricked victims into watching ads, paying for subscription services, and paying for increased mining capabilities with nothing in return.

The apps removed from the store are BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System

Bitcoin 2021, MineBit Pro - Crypto Cloud Mining & BTC miner, and Ethereum (ETH) - Pool Mining Cloud.

While most were free to download, Crypto Holic – Bitcoin Cloud Mining cost $12.99 to download and Daily Bitcoin Rewards – Cloud Based Mining System cost $5.99. Some of the apps have even been downloaded more than 100,000 times. Researchers warned that over 120 fake cryptocurrency mining apps are still available online.

Trend Micro’s researchers’ analysis found these apps did not have any cryptocurrency-mining behavior.

“The fake mining activity on the apps’ user interface (UI) is carried out via a local mining simulation module that includes a counter and some random functions,” said researchers.

Despite lacking mining functionality, some apps prompted users to pay $14.99 to $189.99 via in-app billing systems for increased cryptocurrency-mining capabilities.

“The app called Daily Bitcoin Rewards – Cloud Based Mining System prompts its users to upgrade their cryptomining capacity by “buying” their favorite mining machines to earn more coins at a faster rate,” said researchers.

One app appeared to cover its tracks by stating it was a game that does not have any cryptocurrency-mining functionality in its terms of use.

“If users relied solely on how the application’s UI is configured and designed and didn’t read the app’s terms of use, they may have used it and made in-app purchases without knowing that it’s just a game,” said researchers.

Two other fake crypto apps pestered users by prompting them to click on ads during fraudulent crypto-mining activities to prove they aren’t robots. Users are informed they can start mining after viewing in-app video ads.

The apps also prompt users to invite several friends to download the app to unlock the withdrawal interface.

“However, even after users are able to invite friends and unlock the withdrawal interface, they wouldn’t be able to withdraw cryptocurrency from the app as it is always in a waiting state,” researchers warned.

Researchers said users could spot fake apps by carefully reading the app’s reviews and entering an invalid or wrong cryptocurrency wallet address.

“Confirm if there is a withdrawal fee. The transfer of cryptocurrency requires a handling fee, which is relatively high compared to what is typically made from cloud mining. Hence, free withdrawals are very suspicious,” said researchers.