Reports from experts in information security training inform that a mining Trojan is being installed along with the popular Android operating system emulator “Andy”, and its users are actually concerned. According to these reports, the mining software would use the graphics processing unit, or GPU, on the computer graphics card to mine several cryptocurrencies.
In a Reddit post, user TopWire stated that the emulator Andy installed on his computer a program called C:Program files (x86) Updaterupdater.exe, also publishing a video as evidence of the event. What is really troubling about this is that the user has tried to consult the issue with the team in charge of Andy emulator via their Facebook page, but has been rejected repeatedly.
What happens when you install Andy?
Specialists in information security training say that, when someone downloads the latest available version of Andy, it can be seen at first sight that something is wrong. The emulator automatically opens an adware bundler for its installation, known for installing mining software without user’s knowledge or consent. The installer of Andy has been detected as a variant of InstallCore, known installer with adware that is presented to the user with different “offers” while the installation is done. This kind of installation allows free software developers, as is the case of Andy, to generate revenue every time someone installs one of their programs. Usually, when installing Andy, there are offers for Avast and WinZip.
Even after declining the installation’s offer, a program may appear on your computer, named as C:Program files (x86) Updaterupdater.exe, the same program reported by the Reddit user. Later analysis on Andy shows that the program installed along with the emulator belong to the same company behind Andy’s development.
Specialists in information security training declare that it has not been possible to corroborate that Andy installs mining software on the computers that use it; however, they have managed to confirm the behavior of the program as described by the user of Reddit, so they expect for further information. In the meantime, experts in information security training, such as the International Institute of Cyber Security, recommend not installing this emulator until the company can clarify the situation.