This Malware Can Physically Destroy Your Android Phone

It all begins with Bitcoin, or other cryptocurrencies, of which there are now over 900 varieties. I realize that almost no one understands how Bitcoin operates, but I will make a valiant attempt to oversimplify the underlying architecture because, without understanding this, it would be impossible to explain how Bitcoins can destroy your smartphone.

To use Bitcoin, you need a Bitcoin address, which you can get for free. You also need a Bitcoin wallet. Most people get the wallet first because a Bitcoin address will come with it. The address is simply a set of 25 to 36 characters. It is not connected to a name or real life address. No one knows who owns the address but everyone in the Bitcoin world knows that your address exists. They need to know this if they want to send you money. You have a private key to open your wallet and get your Bitcoins.

Bitcoin uses something called a ‘blockchain’. This is a record of all the transactions ever of every Bitcoin in use. Everyone can see how many Bitcoins are held by any address, but, of course, they don’t know the person connected to that address. Everyone can see every transaction that is made. However, keeping track of all these transactions is difficult work. That’s why the currency needs people who will do it for a small amount of money. These people are called, ‘miners’. Miners, or at least their computers, have to work 24/7.

If a person wants to send a Bitcoin to another person, they verify the transaction with their private key. The potential transaction is then analyzed by the miners, who determine whether the transaction is valid. After validation, the person will receive the money. If there weren’t enough miners, those receiving Bitcoins would have to wait a long time to get their money. So, to make the system run smoothly, miners must work nonstop. The more they work, the more they get paid. They are paid in Bitcoins (actually, fractions of Bitcoins) for their work.

There is another aspect of mining which confuses most people. It involves solving complex mathematical problems to add encrypted and logically connected blocks to a blockchain. The problems are so difficult to solve that Bitcoin miners often work together in mining pools. This is because solving these difficult problems requires a lot of computer power. The miners in these pools can combine their computing power to solve these problems more efficiently. In fact, that’s the only way small groups of individuals can compete with big mining companies. These big mining companies (81%) are mainly located in China, as can be seen in the chart below. .

bitcoin mining

The Chinese miner, AntPool, is the biggest Bitcoin miner, controlling 25% of the Bitcoin mining market.

bitcoin miners

An average person wanting to pursue mining must invest in a custom made computer with a special graphics cards, a high speed processor, a reliable power supply, memory, cabling, and a fan, all of which would be an investment of about $3,000 to $4,000, if not more. The mining computer would probably do best in its own air conditioned room. Since it would require so much computing power, it would only be used for mining.

The Chinese operations are vast. The computers are stored in massive warehouses that are often near power stations.

bitmain

Notice the power transmission lines in the background. It has been reported that Bitcoin’s “mining” network uses more electricity in a year than the whole of Ireland”. Obviously, as interest in Bitcoins grows, so, too, will power consumption. Since China depends on cheaper coal-fired power, especially in the areas where Bitcoins are mined, it would not be farfetched to connect Bitcoin mining directly to environmental degradation.

So what does all this have to do with destroying your Android phone? You can imagine that this lust for Bitcoins and its accompanying need for more power have encouraged unethical miners to find alternate ways to make money. Making money means controlling computing power. Some streaming websites have been infiltrated so that miners could siphon off some of their computing power. Recently, malware named, Loapi, has been discovered doing the same to Android phones. Unfortunately, these infected phones will mine continuously, making them almost unusable. What’s worse is that, as Kaspersky labs found, they will overheat to the point that they warp the case, possibly destroying the phone in the process.

Be careful, because this news has been inaccurately reported on a number of websites and by other media outlets. Some have claimed that the phone began smoking while others said it melted. In truth, none of this was reported by Kaspersky. Actually, I have not found this experiment duplicated by any other reliable lab. That said, the “bulging” reported by Kaspersky could certainly lead to the phone losing some, or all, of its capabilities.

This may just be the beginning. Recently, Trend Micro found a number of legitimate apps on Google Play that were hiding mining malware. They also warn of a new mining scheme using Facebook Messenger. Though Trend Micro and others believe that the CPU mining power of smartphones is limited, the competition for computing power among the growing number of cryptocurrencies is forcing miners to take advantage of every free kilowatt they can find. So if your phone seems slower than usual, your battery life is decreasing rapidly, and you notice your phone overheating, it might be a good idea to see what apps you may have recently installed.

With the growing interest in cryptocurrencies, miners are looking for a variety of new ways to make money. Browser-based mining has returned and more mining-infected apps sneak into Google Play everyday. Add to this coinhive.com; a website which supplies a plug-in that anyone can use to mine coins on their website… without telling visitors they are doing so.

coinhive

In addition, miners are hacking websites to install this mining plug-in without the website owner even realizing it.

It seems clear that hacking-to-mine is going to be of growing interest for attackers looking to make some quick money. Although some antivirus software makers are responding to this new threat, most are lagging in preventing such attacks. In the future, you can expect to see corporate networks being infiltrated by miners, because, quite simply, that’s where the money is.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s