30 likes | 35 Views
Once the exclusive realm of a visionary verge movement, cryptocurrencies have lately become appealing to conservative retail investors. Throughout the COVID-19 pandemic, the estimation of cryptocurrencies sky-rocketed, reaching a market capitalisation of $2 trillion . Cybercriminals are always searching for the proverbial chink in crypto securityu2019s armour to make money. Cryptocurrencies are now in their crosshairs. Android crypto mining scams are the new plague. <br><br>https://fastactionrefund.com/cryptocurrency-scams/android-crypto-mining-scams-the-new-menace-facing-bitcoin-miners/
E N D
ANDROID CRYPTO MINING SCAMS – THE NEW MENACE FACING BITCOIN MINERS Oncetheexclusiverealmofavisionaryvergemovement,cryptocurrencies have latelybecomeappealingtoconservativeretail investors.Throughoutthe COVID-19 pandemic, the estimationofcryptocurrencies sky-rocketed, reachingamarketcapitalisationof$2trillion+. Cybercriminalsarealways searchingfortheproverbialchinkincryptosecurity’sarmourtomakemoney. Cryptocurrenciesarenowintheircrosshairs.Androidcryptominingscamsare thenewplague. Securityresearchersataprominentlabhave identified170+Androidapps, including25onGooglePlay,scammingcryptocurrencyzealots.Manyofthem areavailableglobally.Theseappstrumpettheirprovidingcloud cryptocurrencyminingservicesforafee.But,postanalysis, youfindthat no cloud crypto miningtakes place inreality. ToshieldAndroidusers,GoogleswiftlyshruggedofftheseappsfromGoogle Play.
The apps’entirecauseis tostealmoneyfromusers viaallowablepayment processesbutneveryieldupthepromisedservice.Asperoneanalysis,they swindled93,000+peopleandpilferedaminimumof$350,000betweenusers payingfor appsandpurchasingancillaryfakeupgradesandservices. Thelabmentionedabovehascategorisedtheseappsintotwo disparate familieswith the monikers– BitScam andCloudScam. Despitethetechnicaldifferencesbetweenthesetwofamilies,alloftheapps employasimilarbusinessmodel,implyingthatmultiplecriminalactorssetup rival businesses, targeting usersinthesame manner. Mostmalwareexecutescodethatperformssomemaliciousactivity.This malignantactivitycouldbe(tocitejustoneinstance)forexfiltratingprivate information toacommand-and-control server, asalsodisplaying advertisements outsideof the app’scontext orsendingpremiumtext messages. WhatfacilitatedBitScamandCloudScamappsflyingundertheradaristhat theydon’tdoanythingfactuallymalicious.Truthtotell,they hardlydoanything atall.Theyarenebulousskeletonsmeanttocollectmoneyfornon-existent services. Cryptominingevolutionfacilitatesscamming Cryptocurrencymining(AKA–cryptomining)deployscomputers’processing powertosolveabstrusemathematicalproblems.Thelattersubsequently verifycryptocurrencytransactions.Theminersarethenrewardedwithasmall amountofcryptocurrency.Acommonminingstrategyiscalledminingpools, whereinindividualscanchipincomputingpowersoastogetcryptocurrency in returnthat is commensurate withwhatthey contributed. Cloudminingistheexpansionofminingpools,justlikecloudcomputingisthe progressionofon-premisesdatacentrecomputing.However,insteadofusers purchasinghardwareandpayingbigelectricitybillstocontributetoapool, cloud miners leasecloud computing power. Cloudmining introducesbothhelpfulease andcybersecurityrisks.Becauseof the clarity anddexterity ofcloud computing,it isquick and easy tosetupan authentic-looking crypto-mining service that isreallyascam. Unfortunately, cybercriminalshavesetupschemesinasimilar vein tosteal fromdesktop users,too. BitScam&CloudScam–scammymodusoperandi Whileresponsiblecloudminingoperationscoulduseamobileappas its dashboard,theappwouldpossiblyhavehigh-qualitycode andadhereto safeguard codingpractices. However, carefulapp analysis exposes a disturbingdesign.Despiteseeminglystandingfordiverseminingoperations,
all of the apps examined partookof verysimilarcode and design.BitScam apps maybecreatedusing aframework thatdoesn’t needprogramming experience toshowhow green these apps are. ThemajorityofBitScamandCloudScamappsarepaid.Thismeansthethreat actorssnitchthemoneyfromthoseappsales.BothCloudScamandBitScam alsooffersubscriptionsandservicespertainingtocryptominingthatuserscan payforthroughtheGooglePlayin-appbillingsystem.What makesBitScam distinctive is that itsapps also accept Bitcoinand Ethereumaspayment options. Fictitiousearningactivities Post successfulloggingin,auser is greetedwithanactivitydashboardthat fronts the availablehash miningrate aswellas howmany coinstheyhave “earned.”Thehashrateexhibitedisgenerallyverylowso as to inveiglethe userintobuyingupgradesthatpromisefasterminingrates.Thisishow bothBitScamandCloudScam makemore money– bysellingin-app upgrades, additionalsubscriptionsandservices. IfcloudminingwasfactuallytakingplaceineitherBitScamorCloudScam,we would hope for thecoin amount displayed tobestoredin afail-safe cloud database and queried throughanAPI.Afteranalysingthe code and network traffic,thelabfoundthattheappsdisplayafancifulcoinbalance ratherthan thenumber of coinsmined.Thevaluedisplayed is simplya counterslowly augmented in theapp.Insomeofthe apps analysed,itwasobservedonly while theappis running in theforeground.Whenthemobile device is rebooted or theapp restarted,theapp isoften resetto zero. ContinueReading………