'Coinkrypt' malware mines cryptocurrencies on Android

But the simple malware is likely to run a battery down, or worse, cause a phone to overheat

A malicious software program for Android that mines lesser-known cryptocurrencies could cause phones to overheat, a mobile security company warned Wednesday.

The "Coinkrypt" malware appears to not be very widespread and has been seen in Spanish-language forums discussing pirate software, wrote Marc Rogers, a principal security researcher with Lookout Mobile Security.

The malware doesn't steal data. Instead, it "mines" digital currency by participating in the peer-to-peer networks that verify transactions through a cryptographic proof-of-work system, which Bitcoin and other alternative virtual currencies use.

To earn any meaningful returns, Bitcoin's network requires high-powered computers for mining. Coinkrypt skips Bitcoin and instead processes transactions for emerging digital currencies such as Litecoin, Dogecoin and Casinocoin, Rogers wrote.

Targeting those cryptocurrencies "might yield more coins with less work," he wrote. Still, the processing is taxing for a mobile device.

Coinkrypt is a quite basic program, which means it may not have the restrictions that other mining programs have that throttle the rate at which the coins are mined to avoid damaging a computer's hardware.

"Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out," Rogers wrote. "Users affected by this malware will find their phones getting warm and their battery-life massively shortened."A

There's another ill effect. The public record of transactions for many virtual currencies, known as a "blockchain," are usually very large files. Coinkrypt might eat up a person's mobile data plan trying to download it, Rogers wrote.

It's unlikely Coinkrypt is earning much money. Rogers wrote that Lookout analysts ran another mobile mining program for Litecoin called "AndLTC" on an LG Nexus 4 phone. After seven days of mining, the application generated about US$0.20 worth of Litecoin.

"Despite the fact that this malware author was likely targeting the lower hanging digital currency fruit, mining likely isn't worth the return on investment for this malware," Rogers wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies