Five examples of ‘live wallpaper’ apps were discovered and removed by Google after the malware was found. In this case, each app only had between 100 and 500 downloads, so luckily not many people were affected.
The apps in question did perform their advertised task – giving you live wallpapers. However, every five seconds the apps scanned your phone to check the battery level, connectivity, and whether the phone’s display was on. If the battery was over 50% charged, the display off and a network connection available, the app will start using your phone to mine Bitcoin. This would run down your device battery, and use your data plan.
One of the malware wallpaper apps, Epic Smoke Live Wallpaper.
One phone will not be able to mine many Bitcoins, but the malware creates a network of phones, which together would have created quite a powerful resource. The apps did not explain to users that they mined Bitcoin while you were not using the device.
These wallpaper apps are not the first to hide currency mining in their code. In March, two apps, Songs and Prized were discovered to be mining crypto-currencies, and they each had between one and five million downloads. Both were also removed from Google Play, but the malware has been found packaged with other apps that are available outside Google’s official store.
This highlights the danger of using some unofficial stores, and is also yet another example of malware finding its way into Google Play.
Symptoms of having this kind of malware are faster than usual battery drainage, phones running ‘hot’ even when you’re not using them or phones that charge unusually slowly.