A popular Android emulator has been caught installing a cryptojacker

Less than a week after Apple banned cryptocurrency mining apps from its App Store, a popular PC Android emulator has been caught installing a cryptojacker.

The difference between cryptocurrency mining software and a cryptojacker is that the latter uses your device’s resources without your permission.

A perceptive Reddit user noticed Andy Android Emulator installed a cryptojacker alongside its popular app. Post-installation, a process covertly labelled “Updater.exe” begins mining for cryptocurrency.

The user had prior experience with Android emulators but wanted to try something new. After installing Andy Android Emulator, he noticed his GPU usage went up dramatically whether the emulator was open or closed.

While at some point a file may have been infected unbeknownst to the Andy Android Emulator team, there are suspicious circumstances surrounding it.

The first red flag is that Andy’s admins in its Facebook group recommend turning off your antivirus while installing. Antivirus software can occasionally cause problems during an install, so the benefit of the doubt can be given.

However, according to the Reddit user, he was removed from the group for asking why they're still serving the infected file. If true, it sounds very much like an attempt to cover it up.

The user provides easy removal instructions for any infected computer:

  • Close every Andy-related process via task manager.

  • Uninstall Andy via Windows

  • Look for a process named 'Updater' (This is the miner and surprisingly enough won't be uninstalled when you uninstall Andy! Would you believe it!)

  • Right click that process and click 'Go to details'

  • Right click 'Updater.exe' in details and click 'End process tree'

  • Navigate to C:\Program Files (x86)

  • Click once on the folder named 'Updater' and then press Shift+Delete

  • Click once on the folder named 'AndyOS' and then press Shift+Delete

  • Recheck task manager to confirm no more Andy services are running

  • Download Malwarebytes and perform a full system scan to check if anything was missed

  • Download CCleaner and do a registry fix. Multiple Andy registry entries will be found. Delete these and scan again to ensure that nothing was missed
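The manual checks in these steps can be repeated with a script after cleanup. The PowerShell below is an added example, not part of the Reddit post or any Andy tooling; it only reports and deletes nothing. The process and folder names are the ones given above, while the match on installed-program names containing "Andy" is an assumption, since no registry key names are listed.

```powershell
# Added example: read-only audit for the leftovers named in the removal steps.
# 'Updater.exe', 'Updater' and 'AndyOS' come from the article; the registry
# name match below is an assumption, since the article lists no key names.
$root       = ${env:ProgramFiles(x86)}   # C:\Program Files (x86) on 64-bit Windows
$updaterDir = Join-Path $root 'Updater'
$findings   = @()

# 1. Running Updater.exe processes. Unrelated products also ship a binary with
#    this name, so classify each one by where its image actually lives.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'Updater.exe'") {
    $note = if (-not $p.ExecutablePath) {
        'path not readable; rerun from an elevated prompt'
    } elseif ($p.ExecutablePath.StartsWith("$updaterDir\", [StringComparison]::OrdinalIgnoreCase)) {
        'runs from the Updater folder named in the article'
    } else {
        'different location; probably an unrelated updater'
    }
    $findings += [pscustomobject]@{
        Type = 'Process'; Item = "PID $($p.ProcessId) $($p.ExecutablePath)"; Note = $note
    }
}

# 2. Folders the steps delete by hand under C:\Program Files (x86).
foreach ($dir in $updaterDir, (Join-Path $root 'AndyOS')) {
    if (Test-Path -LiteralPath $dir -PathType Container) {
        $findings += [pscustomobject]@{ Type = 'Folder'; Item = $dir; Note = 'still on disk' }
    }
}

# 3. Installed-program entries whose display name contains the word "Andy"
#    (assumed pattern; review matches by hand before deleting anything).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '\bAndy\b' } |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Registry'; Item = $_.PSPath; Note = $_.DisplayName }
    }

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'No Updater.exe process, Updater/AndyOS folder or Andy uninstall entry found.' }
```

Classifying each process by its executable path matters because many unrelated programs ship a file called Updater.exe, so the name alone is not evidence of the miner.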

Cryptocurrency mining can be a legitimate alternative to running unsightly advertisements in free software, but a developer needs to be upfront with users if it’s to be accepted.

We may never know if the Andy Android Emulator team is at fault, but it could definitely have been handled better.

What are your thoughts on the Andy Android Emulator situation? Let us know in the comments.
