In the recent cryptocurrency mining trend, websites added Coinhive’s code to take advantage of user’s CPUs to mine Monero. The code was so popular that someone hacked the CBS-owned Showtime websites to add the code for a brief period of time. Eventually, Cloudflare started cracking down on websites that used the code without informing users about it.
Recently, as reported by Core Media, hackers even hijacked Coinhive to redirect some of the mined funds to their own wallet. Seemingly now on the mobile domain as well, some of the apps found included one that helped users pray to the rosary and one that provides discounts. Both were removed from the app store.
It’s uncertain whether criminals can make significant profits out of users’ mobile resources, but researchers point out that smartphones will suffer from the move. The report reads:
“The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance.”
A third app researchers mentioned gave users a choice of car-related wallpapers and came with a Cpuminer in it. These malicious apps, according to Trend Micro, take legitimate versions of apps and add mining libraries to them, so they can then be repackaged and distributed throughout the web.
According to a figure shown in the piece, cybercriminals are presumably turning to various cryptocurrencies that, just like Monero, are optimized for CPU mining. These include VertCoin, Magicoin, Feathercoin, and Myraidcoin. Although total profits are unknown, over an unknown period of time criminals made $170 out of their malicious apps.
The move towards mobile devices was presumably done due to the crackdown against mining code that didn’t ask for user permission. Most anti-virus solutions already render the code useless, and some browsers are reportedly working on doing the same thing. Phishing scams are also present on app stores. As reported by Core Media, two fake Poloniex apps were recently removed from Google Play, and a third one may still be out there.