The developer of an app called “Prized” has reached a settlement with the Federal Trade Commission and New Jersey's Attorney General over charges that the app hijacked users' mobile devices and used them to mine virtual currencies, or cryptocurrencies, on behalf of the app developer.
As part of the settlement, Ohio-based company Equiliv Investments and app developer Ryan Ramminger agreed to pay $50,000. The agreement says that $5,200 of that money will go to New Jersey to cover the state's legal costs, with the remaining $44,800 to be suspended and vacated after three years if Ramminger keeps to the rest of the agreement. In other words: if he doesn't create any more malware in the next three years, he'll get that $44,800 back. Ramminger and Equiliv are also supposed to destroy any customer information they collected while distributing the app.
Harvesting cyptocurrency without consent
The FTC's complaint, available in .pdf form here, says that Prized, which was available “since at least February 2014” in the Google Play and Amazon App Stores in addition to various third-party sites, claimed to “give consumers points redeemable for prizes in exchange for completing tasks, such as downloading affiliated apps, playing video games embedded with advertisements, or taking online surveys.”
Instead, the app used malware to turn people's devices into zombie miners harvesting cryptocurrency without the owners' knowledge. As the FTC explains: “Virtual currencies are created by solving complex mathematical equations, and the complaint alleges that the app attempted to harness the power of many users’ devices to solve the equations more quickly, thus generating virtual currency for the defendants.”
This, in turn, caused the devices' batteries to lose power more quickly and recharge more slowly, and also burned through users' data plans. Depending on how much data and computing power it used compared to how much the device actually had, the app was intrusive enough to potentially render the devices all but unusable.
And, of course, nobody received any of the redeemable “prize points” the app initially promised.
A "Trojan horse"
Acting New Jersey Attorney General John J. Hoffman said, “Consumers downloaded this app thinking that at the very worst it would not be as useful or entertaining as advertised. Instead, the app allegedly turned out to be a Trojan horse for intrusive, invasive malware that was potentially damaging to expensive smartphones and other mobile devices.”