Android, 19 apps produce Monero without users’ knowledge

The apps produced Monero using other users’ smartphones. They have already been removed from the Google Play Store.

Although Bitcoin and all major cryptocurrencies have lost over 50% of their value, hacker attention in this area does not seem to be waning. Despite the fact that computer security companies have developed solutions to block the tools used by hackers to illegally produce cryptocurrencies using other users’ devices, hackers still get away with it.

Once again the protagonist is Coinhive, a JavaScript tool that can be hidden inside the code of a website, giving hackers the opportunity to use the power of users’ computers to produce Monero, one of the most highly capitalized cryptocurrencies. Many PC antivirus programs are now able to detect when a website is using Coinhive and block it from opening. But hackers didn’t stop at this hindrance and started targeting applications.

A few days ago Sophos, a British IT security company, discovered Coinhive inside 19 applications for Android. The apps had also managed to get past Google’s controls and were available for download from the Google Play Store. Thanks to a report from the UK company, they were promptly removed.

What the offending apps were doing

The 19 apps discovered by Sophos had recently received an update that added Coinhive to their source code. The script had been hidden inside the apps’ HTML code in the hope that no one would notice. But when was Coinhive activated? Once the user launched the app, a page from a website would open in the background without the user’s knowledge, and the script would start exploiting the smartphone’s capabilities to mine Monero. Sophos found that one of these 19 apps had obtained more than 100,000 downloads.

The British company also discovered 10 other apps that, instead of generating Monero, produced Bitcoin and Litecoin. Again, the apps were deleted.

A danger to the smartphone

In themselves, programs like Coinhive are not dangerous to users’ personal data. They don’t go looking for confidential information and they don’t collect data about users. Their only goal is to exploit the devices’ CPU to produce virtual coins. And that’s why they are dangerous to the integrity of smartphones. Coinhive causes the device to constantly run at maximum power, which raises the temperature of various components. While on a computer this temperature rise can be managed by fans, on a smartphone it is much more complicated. And it can lead to the battery swelling and even exploding.

How to defend yourself against Coinhive

Coinhive cannot be compared to a virus. It does not have the characteristics of one. And that is why it manages to escape antivirus checks. Understanding whether an application has Coinhive inside is quite complicated: you have to pay attention to the smartphone overheating. If we notice that our phone has high temperatures even when we don’t use it, then it means that the last app we installed/updated has Coinhive in it.
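Because the script was hidden in the apps’ HTML, an APK file can also be checked directly before it is installed. The following is an added example, not code from Sophos or from the original article: it treats the APK as the ZIP archive it is and searches the bundled HTML and JavaScript for names used by Coinhive’s public library. The marker strings are an assumption about what an unmodified copy of the miner contains, and the sample APK is constructed.

```python
import io
import re
import zipfile

# Names from Coinhive's public JavaScript library (assumed markers; a renamed
# or obfuscated copy of the miner would need different signatures).
MARKERS = re.compile(
    rb"coinhive(\.min)?\.js|CoinHive\.(Anonymous|User)|coinhive\.com", re.I)
WEB_EXT = (".html", ".htm", ".js")
MAX_SIZE = 5 * 1024 * 1024  # do not read oversized entries into memory


def scan_apk(apk):
    """Return {asset_path: [matched strings]} for the web assets in an APK.

    `apk` is a path or a file-like object.
    """
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(WEB_EXT):
                continue
            if info.file_size > MAX_SIZE:
                continue
            data = zf.read(info)
            hits = sorted({m.group(0).decode() for m in MARKERS.finditer(data)})
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_apk(with_miner):
    """Constructed sample: a tiny ZIP laid out like an APK with web assets."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("assets/help.html", "<html><body>Help</body></html>")
        if with_miner:  # the hidden page an update might add
            zf.writestr(
                "assets/engine.html",
                '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                "<script>var m = new CoinHive.Anonymous('PLACEHOLDER_KEY');</script>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, flag in (("before update", False), ("after update", True)):
        print(label, scan_apk(build_sample_apk(flag)))
```

A clean result only means these names were not found in the packaged files; a page loaded from a remote website at run time would not appear in the APK at all.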