A popular Android emulator has been caught installing a cryptojacker
Less than a week after Apple banned cryptocurrency mining apps from its App Store, a popular PC Android emulator has been caught installing a cryptojacker.
The difference between cryptocurrency mining software and a cryptojacker is that the latter uses your device’s resources without your permission.
A perceptive Reddit user noticed Andy Android Emulator installed a cryptojacker alongside its popular app. Post-installation, a process covertly labelled “Updater.exe” begins mining for cryptocurrency.
The user had prior experience with Android emulators but wanted to try something new. After installing Andy Android Emulator, he noticed his GPU usage went up dramatically whether the emulator was open or closed.
While at some point a file may have been infected unbeknownst to the Andy Android Emulator team, there are suspicious circumstances surrounding it.
The first red flag is that admins in Andy’s Facebook group recommend turning off your antivirus while installing. Antivirus software can occasionally cause problems during an install, so the benefit of the doubt can be given.
However, according to the Reddit user, he was removed from the group for asking why they're still serving the infected file. If true, it sounds very much like an attempt to cover it up.
The user provides easy removal instructions for any infected computer:
- Close every Andy-related process via task manager.
- Uninstall Andy via Windows
- Look for a process named 'Updater' (This is the miner and surprisingly enough won't be uninstalled when you uninstall Andy! Would you believe it!)
- Right click that process and click 'Go to details'
- Right click 'Updater.exe' in details and click 'End process tree'
- Navigate to C:\Program Files (x86)
- Click once on the folder named 'Updater' and then press Shift+Delete
- Click once on the folder named 'AndyOS' and then press Shift+Delete
- Recheck task manager to confirm no more Andy services are running
- Download Malwarebytes and perform a full system scan to check if anything was missed
- Download CCleaner and do a registry fix. Multiple Andy registry entries will be found. Delete these and scan again to ensure that nothing was missed
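The recheck at the end of those steps can also be done with a read-only PowerShell audit. This is an added example, not part of the Reddit user's instructions or of the emulator's own tooling. The folder names come from the steps above; matching uninstall entries on `*Andy*` is an assumption, and the script deletes nothing.

```powershell
# Read-only audit for leftovers named in the removal steps. Deletes nothing.
# Folder names are taken from the article; run elevated so process paths are visible.
$base    = 'C:\Program Files (x86)'
$folders = 'Updater', 'AndyOS' | ForEach-Object { Join-Path $base $_ }

$findings = @(
    # 1. Processes whose image lives under either folder. Matching on the path
    #    avoids false hits on unrelated programs that also use the name "Updater".
    Get-CimInstance Win32_Process | Where-Object {
        $path = $_.ExecutablePath          # null for processes we cannot inspect
        $path -and ($folders | Where-Object { $path -like "$_\*" })
    } | ForEach-Object {
        [pscustomobject]@{ Kind   = 'Process'
                           Item   = "$($_.Name) (PID $($_.ProcessId))"
                           Detail = $_.ExecutablePath }
    }

    # 2. Folders that the uninstaller is reported to leave behind.
    $folders | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
        [pscustomobject]@{ Kind = 'Folder'; Item = $_; Detail = 'still present' }
    }

    # 3. Uninstall registry entries. The '*Andy*' DisplayName match is an
    #    assumption and can hit unrelated software; review each hit by hand.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Andy*' } |
        ForEach-Object {
            [pscustomobject]@{ Kind   = 'Registry'
                               Item   = $_.DisplayName
                               Detail = $_.PSPath }
        }
)

if ($findings.Count -eq 0) {
    'No Updater/AndyOS processes, folders or uninstall entries found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```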
Cryptocurrency mining can be a legitimate alternative to running unsightly advertisements in free software, but a developer needs to be upfront with users if it’s to be accepted.
We may never know if the Andy Android Emulator team is at fault, but it could definitely have been handled better.
What are your thoughts on the Andy Android Emulator situation? Let us know in the comments.