This Russian Has The Power To Turn Millions Of Android Phones Into Cryptocurrency Miners : 0xbt

This Russian Has The Power To Turn Millions Of Android Phones Into Cryptocurrency Miners

By 0x

Forbes




A Puzzle game with up to 10 million downloads was updated to include a cryptocurrency miner. Then anti-virus companies started blocking it.

A "legal botnet" might seem like an oxymoronic statement. At best, it's risky phrasing. Most associate "botnets" with hordes of hacked computers controlled by a hidden botmaster with monstrous machinations, more often than not illicit profiteering.

But "legal botnet" was the term used by Russian developer Alexey Khripkov (who also goes by oxothuk, amongst other names) when describing his access to thousands, possibly millions, of Android devices thanks to his wildly popular games on Google's platform. His plan to monetise those games was via a crytocurrency miner, which would use up the phone's computing power in the background to carry out the mathematical puzzles required to unlock coins of various alternative currencies, mainly Magicoin. In recent months, he added the capability to Puzzle, a game with 10 million downloads, hoping all those users would help him turn a tidy sum.

Khripkov's plans have been scuppered, however. In recent days, anti-virus companies started blocking Puzzle, deciding the mining was malicious, as noted by cybersecurity researchers at Ixia, which published a blog on the developer's work Tuesday. Subsequently, he chose to remove the feature entirely, giving users the option to download another app, Reward Digger, that would give them in-game bonuses for helping him mine coins. But he says Google banned that app soon after Forbes' contact with him on Tuesday, leading him to suspect security researchers' warnings to the Android maker were causing him strife. (Google had not provided comment at the time of publication, neither on whether it had removed the app or, if so, why. Whatever the case, Reward Digger is no longer available on the Play market).


Google killed the Reward Digger app that had a cryptocurrency mining feature, according to its developer.

The developer, who also has two games on Apple's App Store (though without mining features, he said), has chosen not to risk deploying the mining code in his other apps, such as his most popular creation Mind Games, with between 10 million and 50 million downloads, or a crossword game with between five and 10 million.

 

'No criminal hacker here'

Khripkov isn't happy about the attack on what he sees as a completely legal method of making some money. Speaking with Forbes over email and Skype from Moscow, Khripkov was entirely transparent about his work, saying he was no malevolent hacker, just a legitimate developer trying to make a living.

"'Legal botnet' is only words. It means I have control over thousands of devices," he said, responding to questions about the phrase, which he'd previously used on a Bitcoin forum earlier this year. "I do not do any evil things like illegal botnets... In my app you can control mining, you enable if it's acceptable for you or disable if you do not want it. It is not hidden for users, so it is fully legal.

"How my miner works in my app: users choose in settings the intensity of mining, then put the phone on charge. Now the app will wait until the phone is fully changed and start mining altcoins... If the phone [runs out of battery] or overheats, the mining stops.

"So, everyone is happy, users receive in-game bonuses, the developer gets ... revenue. It is not a lot, but compared to zero it is good."

As for the anti-virus companies blocking his apps, he feels only antipathy: "Anti-viruses are more evil than legal cryptominers... They scare people with false threats, but do not protect from real attacks." He explained his thinking: anti-virus companies don't block apps that ask for access to a device's SD card memory, and can thereby acquire a lot of sensitive data from cellphones, but they kill silent mining that doesn't involve any information being potentially compromised, just some power being used up.

Cybersecurity researchers don't see it that way. They see his actions as purposefully misleading and malicious. Whilst Khripkov claimed to have provided a disclaimer directly to the user as soon as they opened Puzzle (published in the image below), informing them of the mining, Ixia principal security researcher Stefan Tanase said he saw no such warning when he downloaded the app.


A disclaimer from the developer of Puzzle on the Android app's use of cryptocurrency mining.

"Crypto miners are the new adware, at least this is how I see it," said Tanase. "It's technically legal (if disclosed), but they are incentivised to trick users into accepting mining on their devices... If Google allows such behavior, soon all free apps in the Play Store will feature coin miners."

Thanks to anxiety around his "legal botnets," Khripov hasn't been able to make much money from his miners so far. Indeed, he said that despite having as many as 40,000 daily active users and possibly tens of millions of downloads, only 5,000 had enabled the feature. A cryptocurrency account found by Tanase showed Khripov earned the equivalent of $1,150 in Magicoin as of Tuesday. The developer was mainly focused on Magicoin, as well as Feathercoin and Vertcoin, amongst other lesser-known, alternative currencies (better known as altcoins).

Google's crypto mining mess

But other developers have already joined the game by shoving cryptocurrency miners on apps and flogging them over Google Play. Just last week, Avast security researcher Nikolaos Chrysaidos found a "Cooee" chat app that, whilst it only scored between 1,000 and 5,000 downloads, had made it onto Play and was, without permission, carrying out mining for Monero, a cryptocurrency with strong privacy promises. Monero is often used by privacy-conscious folk as well as dealers on criminal online forums.

Khripkov also said he'd shared his mining code with other developers, which could explain the number of apps containing code referencing his oxothuk nickname that have also been called out by anti-virus firms such as Trend Micro in recent weeks.

Similar mining features have found their way onto websites in recent months too, quietly borrowing compute power of visitors, whether on their phones or PCs. Security firm AdGuard claimed in October that as many as 500 million people were being used as part of giant networks of miners, with 220 of the world's 100,000 most popular websites getting users to join in their hidden money-making operations. As much as $43,000 in Monero had been made in just three weeks by whoever ran the sites.

At least Khripkov has, on the face of it, attempted to remain transparent about his work. It's a matter of opinion, therefore, as to whether his mining was malicious or not. Others will not be as clear in their intentions.


Thomas Fox-Brewster

Forbes

 

Latest comments