Coinhive Miners Found in Android Apps, WordPress Sites (on the official Google Play Store)

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The malicious deployment of in-browser JavaScript-based cryptocurrency mining scripts has continued the past week, and we've seen them reach Android applications on the official Google Play Store, but we've also seen the first mass-deployment as part of a botnet of hacked WordPress sites.

While there are multiple players on the JS-based cryptocurrency mining market, Coinhive continues to remain the attackers' top choice, as we've seen this week after the launch of the WhoRunsCoinhive service.

Coinhive found in Android apps
Most desktop users already run an ad blocker or antivirus that can block these scripts. The same cannot be said for mobile devices, where most users still don't use an antivirus on a regular basis, nor do they install ad blockers in their mobile browsers.

This is why Trend Micro's discovery of two apps that deploy a Coinhive mining script is worrisome.

The two apps, now removed from the official Play Store, are named "Recitiamo Santo Rosario Free" and "SafetyNet Wireless App." Both of these apps deploy a copy of the Coinhive miner inside a hidden WebView browser.

While the user keeps the two apps open, the miner runs, forcing phone resources to work at their max and mine Monero for the apps' authors.

The problem is that the apps do not request permission to do so, and cryptocurrency mining behavior will surely lead to the device overheating, a reduced battery life, reduced performance, and a general wear and tear on the device's physical state.
 

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
People probably read that site owners can generate cash flow without ads and hastily deployed them on their sites without thinking of the repercussions. I have always been supportive of websites and services using ads for monetary gains to keep the site going, but this crosses the line.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top