BadLepricon bitcoin mining malware exposed

This time the hackers decided to use our cellphones as mining rigs. It all started with a wallpaper app whose developers decided to make some extra money by quietly mining on the phones of the people who installed it.

The malware, dubbed BadLepricon, was found by researchers from a security firm called Lookout. Quoted from their blog post:

Lookout found a piece of mobile malware in Google Play that quietly uses your phone’s processing power to create new coins. We call it BadLepricon, and yes, that is how the malware authors spelled “leprechaun.” We hope they were going for a clever play on the word “con.”

Shortly after the malware was found, the Google Play Store removed the 5 wallpaper apps that contained the BadLepricon malware.

If you or any of your friends have any of these wallpaper apps:

Beating Heart Live Wallpaper, Epic Smoke Live Wallpaper, Mens club Live Wallpaper or Urban Pulse Live Wallpaper, remove them (and tell your friends to do the same) unless you want to keep having your phones used as mining rigs.

I am sure some of you might think that using your phone as a mining rig is a good idea, but there are quite a few problems with it.

The first problem is that your phone does not have a graphics card or any other GPU that can match an R9 290 or any other decent desktop graphics card. As a result, you will get very little mining power from one phone. In addition, your phone’s battery will drain at an incredible rate, so you would have to keep your phone charging most of the time.

The only way to really make money using cellphones as mining rigs is to create a botnet. A botnet is a network of hacked electronic devices that are controlled by one hacker. As a result, if 1000 cellphones are hacked and each generates a small amount of hashing power, combining all that power will yield a lot of bitcoin.

Here is a tip: do you feel that your cellphone loses battery faster than usual? Does it seem slow and unresponsive? It could very well be that you have bitcoin mining malware running on your cellphone. The best way to get rid of it is to back up your data and restore your phone to factory defaults, which will remove any unnecessary apps, including any malware that might have infected your phone.

For a more detailed explanation of the BadLepricon malware please visit this blog


  • Hennessy Hemp

    This seems quite a waste of time.

    The only way this could even remotely make money is if they set the botnet to solo mine and got extremely lucky by hitting a block, but they are up against far more powerful opponents, who have more power in one machine than the entire botnet of infected phones, so that is mostly futile. This effort probably yielded so little btc since launch I would label the whole attempt as academic. I could be wrong, but I doubt they got even a tenth of a bitcoin.

    • This is true assuming the malware is mining Sha256 or Scrypt which has ASICs built for these algorithms which can outpower 100,000 cellphones. However, if the attackers decide to use an obscure algorithm like X13, X15, Lyra2Rev2, WhirlpoolX, just to name a few, then it becomes much more profitable.

      Some of those obscure coins running those algorithms do have a place in the market and can be profitable to mine with your home GPU.

      Checkout and see how many different coins with those algorithms there are.