Patrons of popular Android emulator Andy are up in arms after Reddit user TopWire wrote a detailed post about a GPU miner trojan that came attached to the program and used his computer to mine cryptocurrency endlessly.
Android emulators allow users to run Android software within Windows or macOS, and Andy was considered one of the most popular along with others like Bluestacks or GenyMotion, the post noted.
After downloading Andy, TopWire noticed strange things happening to his computer and investigated further.
“I checked my GPU usage and temps and noticed they were working at roughly 80% load and 80+ degrees C whilst gaming,” he wrote. “Very unusual for my setup. I opened task manager and sorted it via what was using the most GPU power and found a process named ‘updater.exe’. After further inspection I noticed that this installed along with Andy.”
Even when he closed Andy, the ‘updater.exe’ kept running in the background, the post noted. After some digging he realized the program was mining cryptocurrency.
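The pattern TopWire describes, a helper process holding the GPU under sustained load after the application it was installed with has been closed, can be checked for over periodic process-list snapshots. The following is an added example, not code from the post or from Andy; the snapshot data, the paths, `emulator.exe`, the 70% threshold and the three-sample window are constructed assumptions.

```python
# Constructed snapshots of a process list, one per polling interval.
# Each entry: (process name, install directory, GPU utilisation in percent).
# Paths and "emulator.exe" are made up; "updater.exe" is the name from the post.
SNAPSHOTS = [
    [("emulator.exe", r"C:\Example\Emu", 35.0), ("updater.exe", r"C:\Example\Emu", 78.0)],
    [("updater.exe", r"C:\Example\Emu", 81.0), ("game.exe", r"C:\Example\Game", 12.0)],
    [("updater.exe", r"C:\Example\Emu", 80.0), ("game.exe", r"C:\Example\Game", 90.0)],
    [("updater.exe", r"C:\Example\Emu", 83.0), ("game.exe", r"C:\Example\Game", 88.0)],
    [("updater.exe", r"C:\Example\Emu", 79.0)],
]

# Hypothetical inventory: the main executable each install directory belongs to.
MAIN_EXE = {r"C:\Example\Emu": "emulator.exe", r"C:\Example\Game": "game.exe"}


def orphaned_gpu_hogs(snapshots, main_exe, threshold=70.0, min_run=3):
    """Flag helper processes that hold GPU load >= threshold for at least
    min_run consecutive snapshots while their parent application is closed.
    Returns {(name, install_dir): longest qualifying streak}."""
    run = {}      # (name, dir) -> current consecutive-hit streak
    flagged = {}  # (name, dir) -> longest streak that reached min_run
    for procs in snapshots:
        running = {(name, d) for name, d, _ in procs}
        hits = set()
        for name, d, gpu in procs:
            owner = main_exe.get(d)
            is_helper = owner is not None and name != owner
            owner_closed = (owner, d) not in running
            if is_helper and owner_closed and gpu >= threshold:
                hits.add((name, d))
        # Extend streaks for this interval's hits; anything else resets to zero.
        run = {key: run.get(key, 0) + 1 for key in hits}
        for key, length in run.items():
            if length >= min_run:
                flagged[key] = max(flagged.get(key, 0), length)
    return flagged


if __name__ == "__main__":
    for (name, d), streak in orphaned_gpu_hogs(SNAPSHOTS, MAIN_EXE).items():
        print(f"{name} in {d}: {streak} consecutive high-GPU samples with parent closed")
```

The game's own 90% load is not flagged because it is the main executable of its directory; only the helper that outlives its parent is.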
When he made a YouTube video detailing the issue and sent it to Andy and their Facebook support group, he was immediately banned from the group, he claims in the post. He wrote that he was told they were working on it but denied that the trojan came from them, intimating it may be attached to a third-party installation file.
Andy did not respond to requests for comment, but TopWire wrote that, “one Andy staff member claims that Andy uses blockchain technology and doesn’t mine bitcoins which is why it was detected.”
The post quickly debunks this response, and both BetaNews and Bleeping Computer found that digital security site VirusTotal flagged the installer as a Trojan and as a cryptocurrency miner. TopWire also included instructions on how to remove Andy and the cryptocurrency miner from your computer.
The rise in value and popularity of Bitcoin at the end of 2017 corresponded with a massive spike in blocked cryptojacking attempts, according to cybersecurity software firm Symantec.
In their report on the cybersecurity threat landscape in 2017, Symantec found that the number of attempted cryptojackings, wherein someone attempts to hijack your computing device to mine for cryptocurrency, skyrocketed by 8,500% in the last three months of 2017.
“Cyber criminals use coinminers to steal victims’ computer processing power and cloud CPU usage to mine cryptocurrencies,” Symantec wrote in their report. “Cyber criminals started trying to make money this way primarily because there was a huge rise in the value of cryptocurrencies in the last quarter of 2017, making this type of cyber crime extremely profitable.”
Another security firm, Check Point, said in January that it, too, had found a massive increase in cryptomining malware.
The research found that “the tools can be hacked to dominate more power and generate more revenue, using as much as 65% of the end-users’ CPU power,” according to a report.
Kaspersky Lab’s Yaroslava Ryabova noted that “Over the past six months, cybercriminals have raked in more than $7 million through injecting cryptominers.”
The numbers will only rise as more criminals look to use the processing power of other devices to mine for more cryptocurrency, Symantec’s director of security response Kevin Haley told The Verge.
“While a great portion of these threats are browser-based, hijacking PCs, Macs and smartphones, attackers are moving to obtain more processing power to drive greater profit,” Haley said in the interview.
The big takeaways for tech leaders:
- Popular Android emulator Andy has been accused of offloading a malicious installer onto your device that secretly mines cryptocurrency.
- Andy has yet to respond officially to the controversy, but some users claim they have been ignored and removed from Facebook support groups for referencing the issue.