Android Emulator Andy Trojan Crypto Miner Hijacks GPU Power Secretly
TopWire is a user of the Android Emulator Andy app, which allows consumers to mine cryptocurrency. In his searches this week, TopWire discovered a GPU miner called Trojan, which allowed him to go under the radar to mine unlimited coins. With no one to stop the process, TopWire could’ve continued going unnoticed, if not for his YouTube video and Reddit post. These social media activities resulted in Andy banning him on Facebook.
What is interesting is the fact that TopWire’s Trojan attachment didn’t stop the mining when the user exited the Andy program. The file that allowed it to run, which was “updater.exe,” continued to run online in the background, finding additional tokens. This didn’t become apparent to the user until he noticed his CPU running slower than anticipated.
In his Reddit post, TopWire wrote,
“I checked my GPU usage and temps and noticed they were working at roughly 80% load and 80+ degrees C whilst gaming. Very unusual for my setup; I opened task manager and sorted it via what was using the most GPU power and found a process named ‘updater.exe.’ After further inspection I noticed that this installed along with Andy.”
To date, the Andy Emulator developers have not issued an official statement. In fact, the only thing that seems to have happened is that TopWire accused a staff member from Andy of using blockchain technology on their emulator. While the staff member admitted these actions, they claim not to have used the technology for mining on any other computers.
Symantec, which is an antivirus software company, weighed in on the matter.
“Cyber criminals use coin miners to steal victims’ computer processing power and cloud CPU usage to mine cryptocurrencies. Cyber criminals started trying to make money this way primarily because there was a huge rise in the value of cryptocurrencies in the last quarter of 2017, making this type of cyber-crime extremely profitable.”