Mining script

Cryptocurrency mining script implemented in applications on Google Play

Coinhive’s cryptocurrency mining script has found its way into mobile apps offered on Google Play.

Trend Micro researchers have identified two applications that have it:

The first one (prsolutions.rosariofacileads) is an application intended to help users pray the Rosary, the second (com.freemo.safetyne) allows users to “earn free calls, texts and data” by accumulating credits “by redeeming coupons and local offers, watching videos, taking surveys and more”.

“These two examples do the same thing once they’re started: they’ll load code from Coinhive’s JavaScript library and start mining with the attacker’s own site key,” the researchers. Explain.

“This JavaScript code runs in the application’s web view, but it is not visible to the user because the web view is configured to run in invisible mode by default. When malicious JavaScript code is in running, the CPU usage will be exceptionally high.

Is it worth it for the crooks?

Both apps have been removed from Google Play, and their developers’ accounts have apparently been deleted or suspended. They can still be downloaded from some third party Android stores.

In addition to this, the researchers also discovered a legitimate wallpaper app (com.yrchkor.newwallpaper) which has been modified to include a data mining library.

“The effectiveness of mobile devices in actually producing cryptocurrency in significant quantities is still questionable,” the researchers noted, but stressed that “the effects on users of the affected devices are clear: increased wear and tear on devices, duration reduced battery life, comparatively slower. performance.”

They advised users to be on the lookout for secret crypto mining apps and uninstall apps that trigger noticeable performance degradation on their devices.