A Reddit user named TopWire has reported that Andy OS – even when downloaded from the official page – is giving the user more than he has bargained for. When installing the program on Windows one will not only get a pretty good emulator but a Crypto Mining Trojan on top of it.
TopWire first noticed the Trojan after some major FPS loss when playing PC games. Since most crypto miners use the GPU to mine for cryptocurrency like bitcoins this is only logical. After some research he noticed that a process named updater.exe that installed itself with AndY was causing a graphics card load of around 80% which – depending on the card and its use – is a lot.
Even worse: After shutting down AndY itself, the miner still continues running and starts up with a reboot of Windows as well. That means that while downloading with the Android emulator, it is not directly tied to it. Therefore uninstalling Andy won’t uninstall updater.exe.
You can see how it all works in TopWire’s video below.
While it is not 100% clear whether the makers behind Andy OS are involved in the distribution directly, they definitely behave very suspicious. After an inquiry of TopWire, the people behind Andy removed him from the Facebook support group, something you’d probably not do if you are blameless.
If you are using AndY and believe that you are affected by the crypto miner as well, here is how you can uninstall it: