Google has removed eight malicious mobile apps masquerading as cryptocurrency cloud mining applications from the Play Store, according to a report by cybersecurity firm Trend Micro.

The firm discovered eight malicious apps disguising as cryptocurrency cloud mining apps meant to trick users.

"Due to an increased number of people who are interested in learning about mining cryptocurrency, cybercriminals are actively exploiting people’s interest not just by deploying cryptocurrency-mining malware, but by creating fake Android apps that target those interested in virtual coins," the company said in a blog post.

"We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications," it added.

These malicious apps trick victims into watching ads, paying for subscription services that have an average monthly fee of $15, and paying for increased mining capabilities without any returns, as per the report. After the company reported its findings to Google Play, the apps have been promptly removed from the Play Store.

These fraudulent apps were BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System.

Bitcoin 2021, MineBit Pro - Crypto Cloud Mining & BTC miner and Ethereum (ETH) - Pool Mining Cloud.

Two of these were paid apps requiring users to purchase it. These were Crypto Holic – Bitcoin Cloud Mining which cost $12.99 to download, while Daily Bitcoin Rewards – Cloud Based Mining System was priced at $5.99.

Fake apps

The firm also found "concerning applications" similar to such apps upon searching the keywords “cloud mining” on Google Play. Some of these apps have even been downloaded more than 100,000 times.

"Based on Trend Micro Mobile App Reputation Service (MARS) data, more than 120 fake cryptocurrency mining apps are still available online. These apps, which do not have cryptocurrency mining capabilities and deceive users into watching in-app ads, have affected more than 4,500 users globally from July 2020 to July 2021," it said.

As per its analysis of the eight malicious apps, these apps did not have any cryptocurrency-mining behaviour. The fake mining activity on the apps’ user interface (UI) was carried out through a local mining simulation module which consisted of a counter and some random functions.

Despite not being related to cloud-mining operations or having any cryptocurrency-mining features, some of these apps prompted users to pay for increased cryptocurrency-mining capabilities via the apps’ in-app billing systems. These payments ranged from $14.99 to $189.99.

For instance, one such app called Daily Bitcoin Rewards – Cloud Based Mining System prompted users to upgrade their crypto mining capacity by “buying” their favourite mining machines to earn more coins at a faster rate.

Some of these fraudulent apps are listed under the Play Store’s finance category and are described as cloud mining applications on the applications’ display pages.

However, as per the terms of using one of these apps, it is only a game that does not have any cryptocurrency-mining functionality with no obligation to issue cryptocurrency payments to its users. The app also fails to guarantee returns for any virtual goods and features purchased in the app.

Trend Micro also found that some of these fake crypto mining applications prompted users to click on ads instead of paying for increased computing power.

"Unfortunately, even if users browse in-app ads, they won’t get any revenue. Users are prompted to invite several friends to download the app to unlock the withdrawal interface," it further explained.

Users were also prompted to invite friends to unlock the withdrawal interface. Once users were able to invite friends and open the withdrawal interface, they wouldn’t withdraw cryptocurrency from the app. This functionality would always be waiting.

To avoid such incidents, users can install and leverage security solutions that warn them when they encounter fraudulent applications.