The meteoric rise in the price of Cryptocurrency has hurled the technology into public view. After Bitcoin touched an all-time high this January the spotlight of the media and everyone else was on the cryptocurrency ecosystem. That being said, Miner Trojan has already shaped up as a hackers preferred tool. It has been recently reported that GPU Miner Trojan is being installed with the popular Andy Android emulator without asking users permission.
Andy OS Android Emulator installing Cryptocurrency Miner
As per a Reddit post, Andy was caught installing GPU Miner Trojan without asking for users consent. The miner would be installed in the C:\Program Files (x86)\Updater\updater.exe and used the GPU to mine cryptocurrency. The user has also uploaded a video on YouTube to substantiate his claim.
That’s not all, the Redditor has attempted to bring this to the notice of the Andy team via Facebook but the plea has fallen on deaf ears. On deeper investigation, it was found that the Andy executable was using an adware bundler for its installer and this is how the program managed to install miners onto the user’s computers without any permissions.
The Andy installer is being detected as an InstallCore variant by VirusTotal and this adware is notorious for displaying several offers during installation. So this is how it works every-time someone installs the program, it generates revenue for the developers.
The worst part is that even after declining all the offers the program was still installed on the computer anyways. The updater.exe file posted on Reddit was detected as a Miner by Virus Total.
The file is named “GoogleUpdate.exe” and says “AndyOS Update” in the description. The GoogleUpdate.exe file is signed by “Andy OS Inc” and this means that the file belongs to Andy and was intentionally signed by them. Andy OS is yet to issue a statement on this.