Coinkrypt Android malware used to mine digital currencies

09:30 ET, 31 March 2014

Experts at Lookout Mobile Security have discovered that cyber criminals are spreading Coinkrypt malware to use victim’s mobile to mine digital currencies.

Security experts at Lookout Mobile Security firm have discovered that cyber criminals are adopting Coinkrypt malware to use victim’s mobile phone to mine digital currencies. In many cases we discussed of the raise for criminal activities that targeted Google Android users, we saw mobile Rat like Dendroid and spear phishing campaigns, like the one discovered by FireEye experts, which were based on a common Winspy RAT that was adapted to hit Android devices. Cyber criminals are orienting their profitable activities on the exploitation of mobile platforms adapting the principal monetization techniques. Security experts at Lookout Mobile Security firm have made a worrying discovery, cyber criminals are using the victim’s mobile phone to mine digital currencies. The researchers have found various malicious Android applications deployed on the official Google Play Store which include with the Coinkrypt android malware. The malicious code is served by criminals to turn the victim’s handset into crypto currency miners. The attackers used the Coinkrypt to recruit bot to compose a crypto currency mobile botnet, the specific malware is designed exclusively to mine Bitcoin and also less popular coins like Litecoin and Dogecoin.

“We recently saw several versions of this malware family we call CoinKrypt, which is designed to hijack your phone in order to use it to mine digital currency for somebody else.”

“While it doesn’t steal any information from your phone, mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out.”

Currently, detection levels for CoinKrypt malware is very low, its distribution appears to be primarily through Spanish underground forums while most of the detections are in France.

The malware is considered too noisy, its presence on the Android presence cause the rapid consumption for battery charge. Another side effect is that CoinKrypt might suck up user’s data plan by periodically downloading the block chain, or a copy of the currency transaction history, a total amount of data of several gigabytes.


Unfortunately the case is not isolated, the colleagues at TheHackerNews listed another couple of cases spotted by experts at Trend Micro security firm. The two apps named  ‘Songs‘ and ‘Prized – Real Rewards and Prizes‘ were both deployed on Google Play store infecting more thank one million of devices with  ANDROIDOS_KAGECOIN.HBT Dogecoin mining malware.


Security experts remarked that cyber criminals are more oriented to mine Dogecoin or Litecoin because they are both crypto-currencies that don’t need great computational capabilities for mining.

“The difficulty for Bitcoin is so tough right now that a recent mining experiment using 600 quadcore servers was only able to generate 0.4 bit coins.” stated the post.

To avoid crypto-currency mining malware avoid to install applications from third-party stores and be aware of suspicious behaviors of mobile device.

Pierluigi Paganini

(Editor-In-Chief, CDM)





March 31, 2014

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...