
Andy Android OS Emulator Accused of Deploying a Cryptocurrency Miner on Windows Devices

Posted: June 21, 2018

Earlier this week, a Reddit user named TopWire posted a warning concerning the Andy emulator app for Windows devices. According to the post, the user found that Andy deploys a cryptocurrency miner to Windows PCs after the emulator has been installed on the device. TopWire explains he made the discovery after noticing that a suspicious process called Updater.exe was running while the Andy emulator was shut down. Further investigation showed that the cause is a mining program deployed by Andy, which can only be removed by uninstalling the emulator completely.

Cryptocurrency miners slow down the computers they run on because they use system resources for their activities. These programs are considered malicious if they have been installed without the user's consent or notice. In this particular case, the Reddit user claims to have observed FPS drops at random times, with GPU load and temperature increasing significantly without any clear reason. The unusual behavior required in-depth research, and that is how TopWire detected the unwanted mining software on his computer.

The issue has been reported to the developers of Andy, and the cause of the app's malicious behavior was said to be a third-party tool embedded in the application's installer. However, TopWire has a different explanation: according to the user, code in the software itself sends a request, in response to which the malicious payload is downloaded.

Opening Andy in Process Explorer to check the files it deploys upon installation revealed that the problem does not arise from the app's installer but from Andy itself, which calls an IP address that in turn transfers the crypto miner to the Windows system.

TopWire claims that Andy developers are deliberately trying to cover up the issue by removing all related posts from the support group and by blocking the Reddit user from contacting them anymore. If true, that suggests they actually have something to do with the malicious tool dropped by the Andy emulator, and in that case, the issue requires thorough investigation.

Until things get clarified, it is probably a good idea for users to remove the Android app from their systems and switch to an alternative app.
