[BlackAlps 18] Cryptocurrency mobile malware

Headlines typically refer to cryptocurrency malware as "the new ransomware" or 2018's new menace on computers. Whenever something big hits PCs, it usually gets ported to smartphones.

In this talk, we investigate the status of cryptocurrency malware on mobile phones. The first ones were Android/CoinKrypt and Android/BadLepricon. We reverse engineer the code of some newer ones, such as Loapi, AdbMiner, HiddenMiner or some of the numerous instances of CoinHive riskware. Despite the increasing power of smartphones, mining on them has its limits. For example, mining Bitcoin on a smartphone does not make sense. We look at which cryptocurrencies are mined on smartphones and discuss how profitable this is for cyber-criminals. We follow the earnings of the authors of HiddenMiner, based on live captures we were able to get.