FTC Settles With Developer Who Hijacked Phones To Mine Cryptocurrency

A game and rewards app was really a Trojan horse, installing virtual currency mining software on the phones of unsuspecting consumers.

The thousands of consumers who downloaded the Prized app for Android from Google Play and the Amazon Appstore, beginning in 2014, believed they were working to redeem points for gift cards and clothing. Little did they know they were unwittingly enlisting their smartphones in the app developer's automated army as well.

The main purpose of Prized was actually to install malware on consumers' phones that would mine for virtual currency, harnessing the computing power of a massive fleet of mobile devices, to the unlawful benefit of the developer, Ryan Ramminger.

The Federal Trade Commission and the New Jersey Attorney General have settled with Ramminger, banning him from further distributing the malicious software. He will also be forced to pay the state of New Jersey $50,000. According to the FTC complaint, the malware mined for Dogecoin, Litecoin and QuarkCoin, but not the most prominent of the virtual currencies, bitcoin. In doing so, it caused rapid battery drains and monthly data overages on the devices on which it was installed. The settlement between the FTC and Ramminger requires that he destroy all the consumer information collected through the app. Ramminger has neither admitted to nor denied the allegations brought by the FTC.

In its complaint, the FTC alleged that Ramminger and his company, Equiliv Investments, violated the FTC Act and the New Jersey Consumer Fraud Act.

"Hijacking consumers' mobile devices with malware to mine virtual currency isn't just deplorable; it's also illegal," said Jessica Rich, director of the FTC's Bureau of Consumer Protection. "These scammers are now prohibited from trying such a scheme again."

Helen Wong, an attorney with the FTC's Division of Financial Practices, told BuzzFeed News that this case is the first of its kind. The commission has dealt with email-based malware in the past, but Prized was the first instance of malicious activity originating in an app. She said the FTC has alleged that the app did not do any part of what it claimed — even the rewards part of the app, the legal, functioning aspect, was illegitimate and part of the ruse.