JavaScript Cryptomining Scripts Discovered in 19 Google Play Apps (risk of hardware damages)

LASER_oneXM

There doesn't appear to be an end in sight for the cryptojacking scourge affecting all facets of the web right now.

If you're not bored already of reading yet another incident where miscreants deployed the Coinhive in-browser script to mine Monero behind users' backs, then this article might interest you.

Coinhive found inside Play Store apps

Our article is based on a 13-page report published last week by UK cyber-security firm Sophos. According to the company, its engineers discovered 19 Android applications that were uploaded and made available through the official Google Play Store.


Sophos says these apps were secretly loading an instance of the Coinhive script without user knowledge.

An analysis of the malicious apps revealed that app authors —believed to be the same person/group— hid the Coinhive JavaScript mining code inside HTML files in the apps' /assets folder.

The malicious code executed when the user started the apps and the apps opened a WebView (Android stripped-down) browser instance.

In some cases, if the apps did not justify opening a browser window, the WebView component was hidden from view and the mining code ran in the background.


In other instances, where the app was a news reader or tutorial viewer, the Coinhive in-browser JavaScript mining code ran along the app's legitimate content while the user was using the app.


.....had no idea that mining could be more dangerous to mobile devices.... :
The danger of cryptojacking to mobile devices

While many news sites are oversaturated with articles about illegal cryptocurrency mining, users should be aware that mining cryptocurrency on their smartphone may permanently damage the device, as Kaspersky researchers proved last month when they discovered the Loapi Android malware.


But users don't have to install malware-laced apps on their devices to be affected. Yesterday, security researchers from Malwarebytes announced they discovered a malvertising campaign that targets Internet users utilizing Android mobile browsers.

The campaign used malicious code hidden in ads to redirect users to sites where crooks were mining Monero (via Coinhive) while the user was trying to solve a CAPTCHA field. The user didn't have to install an app to be affected, and just surfing the web was enough to be affected.

While desktop computers may stand the hardware stress that comes with cryptocurrency mining, mobile devices such as smartphones and tablets are more fragile and may risk permanent damage, especially to their batteries, which could overheat and deform.
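A defender-side check for the pattern the quoted article describes (miner JavaScript hidden in HTML files under an app's /assets folder), added here as an example that is not part of the original post or the Sophos report. The indicator strings (`coinhive.min.js`, `CoinHive.Anonymous`, `coinhive.com`) are assumptions based on Coinhive's public library naming, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Assumed indicator strings for the Coinhive in-browser miner (public library
# names, not taken from the article); extend the list for other miners.
MINER_PATTERNS = [
    re.compile(rb"coinhive(\.min)?\.js", re.I),
    re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\(", re.I),
    re.compile(rb"coin-?hive\.com", re.I),
]
WEB_SUFFIXES = (".html", ".htm", ".js")


def scan_apk_assets(apk):
    """Return {asset_path: [matched strings]} for web files under assets/ (an APK is a ZIP)."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.startswith("assets/") or not name.lower().endswith(WEB_SUFFIXES):
                continue
            data = zf.read(info)
            hits = sorted({m.group(0).decode("ascii", "replace")
                           for p in MINER_PATTERNS for m in p.finditer(data)})
            if hits:
                findings[name] = hits
    return findings


def build_sample_apk():
    """Constructed sample archive (not a real app) used to exercise the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/help.html", "<html><body>How to play</body></html>")
        zf.writestr("assets/engine.html",
                    '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                    '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");</script>')
        zf.writestr("res/raw/notes.txt", "coinhive.min.js mentioned outside assets")
        buf_ready = True  # archive is finalized when the with-block exits
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, hits in scan_apk_assets(build_sample_apk()).items():
        print(path, "->", hits)
```

`scan_apk_assets` also accepts a path to an APK on disk. A match only shows that the strings are present in a bundled web asset; it does not show whether the page is loaded in a hidden WebView.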
 

cruelsister

These addons (extensions), for Chrome or Firefox, are really definite threats that many do not speak about. Everyone seems to think Rainbows and Unicorns when installing an extension but these may be anything but.

The most insidious way an extension can turn malicious is by a Blackhat making an offer (that they can't refuse) to an author whose extension has been legitimate for years. As the sale will include both "Goodwill" and valid certificates it is child's play to morph a formerly useful thing into either a Miner or an Info Stealer that will be assumed legitimate. Something like this will bypass any vetting done by those in charge (lazy buggers) and be released.

So please view any browser addon as you would a Crack unless it is coded by your loving cat (not my cat, obviously).
 
