Anyone who wants to play an Android game on their PC needs an emulator, a program that basically tricks the game into thinking it is being played on a smartphone or tablet sporting Android OS. While there are a couple of solutions to allow the user to achieve this, the Android emulator AndY is one of the most popular choices. It now has been discovered, that it distributes malware.
A Reddit user named TopWire has reported that Andy OS – even when downloaded from the official page – is giving the user more than he has bargained for. When installing the program on Windows one will not only get a pretty good emulator but a Crypto Mining Trojan on top of it.
TopWire first noticed the Trojan after some major FPS loss when playing PC games. Since most crypto miners use the GPU to mine for cryptocurrency like bitcoins this is only logical. After some research he noticed that a process named updater.exe that installed itself with AndY was causing a graphics card load of around 80% which – depending on the card and its use – is a lot.
Even worse: After shutting down AndY itself, the miner still continues running and starts up with a reboot of Windows as well. That means that while downloading with the Android emulator, it is not directly tied to it. Therefore uninstalling Andy won’t uninstall updater.exe.
You can see how it all works in TopWire’s video below.
While it is not 100% clear whether the makers behind Andy OS are involved in the distribution directly, they definitely behave very suspicious. After an inquiry of TopWire, the people behind Andy removed him from the Facebook support group, something you’d probably not do if you are blameless.
How to deinstall AndY and its Malware
If you are using AndY and believe that you are affected by the crypto miner as well, here is how you can uninstall it:
- Close every AndY-related process via the task manager
- Uninstall Andy via your normal Windows software uninstaller
- Look for a process named ‘Updater‘, right click it and select ‘Go to details‘
- Scroll until you find ‘exe‘ and click ‘End process tree‘
- Navigate to C:\Program Files (x86), look for the folder named ‘Updater‘ and then press Shift+Delete
- Search the folder named ‘AndyOS‘, select it, and then press Shift+Delete
- Open up the manager to make sure that no more Andy services are running
- Perform a security check with an Antivirus program of your choice.
- Use a registry cleaning tool to remove AndY registry entries.
This post is also available in: German