While the cryptocurrency craze has subsided for the time being amid drastic price drops, that doesn't mean mining is no longer viable, especially if the resources used to mine the currency come at zero cost. We have seen selfish tactics in the past that make use of computers and smartphones for mining without the user's consent, and it looks like a popular desktop Android emulator, Andy OS, is being called out for doing something similar.
(video showing the installation process of Andy OS and the offending malware)
If you are unfamiliar with them, Android emulators run on a computer and simulate the Android environment. You can run apps, play games, and do pretty much anything else that you would normally do on an Android device. Andy OS has been listed in various website round-ups as a suggested option and as such has been installed and tried by many. One user noticed that after using Andy OS, performance numbers during gaming had dropped and CPU temperatures were higher than normal. After taking some time, the user was able to track down the possible source of the issue, a process called 'updater.exe'.
Apparently, updater.exe is installed onto the host system along with Andy OS. A scan of the file found it to be a cryptocurrency miner that works in the background, unbeknownst to the user. Although the source is the OS, the user that discovered the issue states that "the installer isn't at fault. Andy itself calls an IP which then transfers the bitcoin miner to your system". According to one representative from Andy, the OS uses blockchain technology, which is why the 'updater' is detected as a threat. But according to another, the miner isn't part of the OS and is installed via a "third party installation file".
When the user reached out to the company for clarification in an attempt to get this issue resolved, it appears that the user was shut out, being censored and banned. While it is tough to say for certain who is at fault, you can check out the evidence for yourself and make a decision. In the meantime, it is probably best to stay away from the OS and find an alternative. If you have already downloaded Andy OS and want to remove the infection, you can find the instructions on how to do that in the Reddit link below.
Source: Reddit via BleepingComputer | Image via Andy Android Emulator