Android Emulator for PC "Andy Android" found including Cryptominer Trojan

[rcmaehl]

Sources: 

https://betanews.com/2018/06/18/andy-os-bitcoin-miner/

https://www.bleepingcomputer.com/news/security/andy-os-android-emulator-reportedly-installing-a-gpu-miner/

From the Sources:

Quote

Cryptocurrency mining malware has become a serious problem recently, and it seems the latest people to fall victim to the threat are users of the Android emulator Andy OS -- also referred to as AndY and Andyroid. ...

Over on Bleeping Computer, Lawrence Abrams did a bit of investigating. He noted that even when declining all of the bundled adware offered up by Andy's installer, it seemed that the miner was installed. He also notes that VirusTotal has marked the installer as an InstallCore variant with various warnings attached to it, and that the updater.exe file is detected as a cryptocurrency miner.

 

Quote

...This GoogleUpdate.exe program has a description of "AndyOS Update", which indicates it's part of Andy. Why it is named GoogleUpdate is not known, but I feel it is strange. ... As the GoogleUpdate.exe is signed using a signature that is owned by Andy OS Inc, it would indicate that this file it one that belongs to them.

Video of the issue:

 

My thoughts:
It seems like yet again. Developers of Android Emulators for Windows have gotten greedy. Alternatives exist but the large number of ones engaged in scummy tactics such as this or those that include bundled apps and paid versions use their questionably obtained money to ensure they become the top search results instead of open sourced projects.

[Zodiark1593]

49 minutes ago, VegetableStu said:

on one hand, I really hate it when people squat on my PC processor time.

 

on the other, we should tip jar people who posts pretty functional stuff that we use once in a while.

Tips are entirely voluntary, however. If a developer asks (for example, when installing) for contributions to be made via mining, I wouldn't have a problem. Laptop users can keep it disabled to conserve battery, and desktop users can contribute to the developer.

[ScratchCat]

3 minutes ago, Zodiark1593 said:

Tips are entirely voluntary, however. If a developer asks (for example, when installing) for contributions to be made via mining, I wouldn't have a problem. Laptop users can keep it disabled to conserve battery, and desktop users can contribute to the developer.

The concept is okay but permission should be given first. Naming the process GoogleUpdate.exe just indicates that they did not want anyone to link it to the program which generally indicates malicious intent - what it to stop them next installing a keylogger and selling the results for "personalization" of "advertisements".

[Drak3]

I looked heavily into them a year ago. I don't find this remotely shocking, the people behind it gave off huge red flags.

[BlueChinchillaEatingDorito]

Minimum requirements is Windows 7, has a picture of Windows XP on their main page. Quality. Also why does it have a Mac OSX themed window?

[Guest]

Why don't people just use a virtual Android x86? Is that project dead or something?

[Drak3]

1 minute ago, RorzNZ said:

Why don't people just use a virtual Android x86? Is that project dead or something?

Project is going strong, but virtualized, Android x86 is a shit show with KB+M.

[Guest]

2 minutes ago, Drak3 said:

Project is going strong, but virtualized, Android x86 is a shit show with KB+M.

Like it's not as if it needs a lot of power to run Android lol. I see the problem with KB&M though, it's always going to be much better with touchscreen. 

[Ryujin2003]

Why I don't download shit like this...

[Drak3]

Just now, RorzNZ said:

Like it's not as if it needs a lot of power to run Android lol. I see the problem with KB&M though, it's always going to be much better with touchscreen. 

KB+M works well when running on bare metal, especially with a good launcher.

 

But virtualized, the mouse acts like a finger. If you're not holding down the LMB, it acts as if you're not interacting with it, but still shows a cursor.

[Noctus]

6 hours ago, Drak3 said:

Project is going strong, but virtualized, Android x86 is a shit show with KB+M.

No love for Blustacks ?

[Drak3]

1 minute ago, Noctus said:

No love for Blustacks ?

Bluestacks runs like shit on my 5930K @4.5GHz, 32GB DDR4-2133, and 1080. It went about 10 minutes before I uninstalled it due to frustration. I can't recommend it (or any other method of virtualizing Android).

 

The only thing I haven't tried is Android x86 in KVM, I don't have a machine I'm willing to sacrifice to KVM right now.

[Noctus]

2 minutes ago, Drak3 said:

Bluestacks runs like shit on my 5930K @4.5GHz, 32GB DDR4-2133, and 1080. It went about 10 minutes before I uninstalled it due to frustration. I can't recommend it (or any other method of virtualizing Android).

 

The only thing I haven't tried is Android x86 in KVM, I don't have a machine I'm willing to sacrifice to KVM right now.

Very odd considering my Ryzen 5 1600 (standard clocked), 16gig DDR4-3000 and a RX 480 run it just fine .... o.0

[Drak3]

Just now, Noctus said:

Very odd considering my Ryzen 5 1600 (standard clocked), 16gig DDR4-3000 and a RX 480 run it just fine .... o.0

Wouldn't know, Ryzen wasn't announced the last time I bothered with it. I basically gave up on virtualizing Android in any capacity. I'd rather recommend buying a cheap Core i ANYTHING 2-in-1 with a SSD and putting Android x86 on it.

[aezakmi]

This is why you should use a VM and emulate Android x86, it might not look pretty but works perfectly and that's what matters here, even dared to install it in a real partition and everything worked, git gud andy.

[mr moose]

1 hour ago, Drak3 said:

Bluestacks runs like shit on my 5930K @4.5GHz, 32GB DDR4-2133, and 1080. It went about 10 minutes before I uninstalled it due to frustration. I can't recommend it (or any other method of virtualizing Android).

 

The only thing I haven't tried is Android x86 in KVM, I don't have a machine I'm willing to sacrifice to KVM right now.

 

1 hour ago, Noctus said:

Very odd considering my Ryzen 5 1600 (standard clocked), 16gig DDR4-3000 and a RX 480 run it just fine .... o.0

I think blustacks is hit and miss,  My son ran it fine on his pentium 2 core with 8G ram and still fine when we upgraded it  to a ryzen 3 1200.  By other son runs his fine on an older i3 with 8G ram also.

[Valentyn]

13 hours ago, Zodiark1593 said:

Tips are entirely voluntary, however. If a developer asks (for example, when installing) for contributions to be made via mining, I wouldn't have a problem. Laptop users can keep it disabled to conserve battery, and desktop users can contribute to the developer.

Somehow WinRar is still around and they only ask politely to be paid.

 

Shame the devs includes this; asking like WinRar might actually be a valid option here. It’s a tip or donation; and doesn’t negatively affect your users.

 

 

[WelshDdraig]

I was recently using AndyOS just to mess around with Android on PC - experience was extremely *insert a profanity here for bad* on my 6800K and 1070.
What I do like is what has been put in the description of the video:

Quote

made this for the people in the andy support group. got banned

So, it looks like when it was reported to the Andy team, they are just like - "Screw You, we don't like you've found us out so...You're banned."

If that doesn't scream shady - we need to get Slim in the house to do it, because this is shady AF.  

[SupremeGOAT]

never trusted it day 1