wordpress blog stats
Connect with us

Hi, what are you looking for?

Hidden code for cryptomining discovered in 19 Google Play apps


A research done by British security software company Sophos has found 19 applications available on Google Play involved in cryptomining without the user’s consent. A 13-page report by threat researcher Pankaj Kohli details the discovery of hidden Coinhive JavaScript mining code inside HTML files in the apps.

CoinHive is a JavaScript-based miner which allows a user to mine open-source cryptocurrency Monero using a web browser – in this case the application’s inbuilt browser. All the apps in question seem to have been made by the same developer.

In many of these apps, the page is loaded whenever the app is started. Well-developed apps even use CPU throttling to prevent heating up of the device and draining of battery to conceal its presence. A large percentage of CoinHive apps, which offered videos and information about wrestling, were published around Christmas from four different accounts, the report says.

One such app had between 1-5 lakh installs. The report also details the threats from third-party mining module CoinMiner. This comes after the discovery of malware Loapi, which masquerades as popular antivirus apps or an adult content app.

Bitcoin mining appears to be the gold rush of the 21st century. Such malware have a long history in Google Play, with the first family — Andr/LepriCon-A — appearing in 2014, but recent discoveries present a worrisome expansion of the trend.

Advertisement. Scroll to continue reading.

British news website The Register has started running JavaScripts in the background as users load its web pages. Its Web Workers feature thus creates a distributed bitcoin mining operation. Medianama has also recently discovered that Salon, also a news website, is asking users to choose between viewing ads or allowing the use of “unused computing power” likely for cryptomining. The Salon web script will also be mining for Monero, but this will be done only with the user’s consent unlike the malicious apps mentioned above. The amount of CPU usage has not been revealed, however.

Siladitya adds: Adblockers are having a major impact on publisher revenues and they are understandably looking for alternative sources of revenue. Publishers like Salon and Register are doing this via crypto mining after informing their readers. But even then the whole thing is a bit opaque on the amount of system resource that will be used and what is the potential impact on the longevity of the user’s device. What’s worse we might see publishers integrate this without a user’s consent and there are no laws preventing that.


Popup on Salon’s website asking readers to choose between ads and cryptomining.

India’s income tax department has recently slapped tax notices on almost five lakh high net worth individuals transacting in bitcoin. The department had been looking to tax cryptomining since 2014.

While cryptocurrencies are not illegal in India, the Ministry of Finance has likened it to a Ponzi scheme. The Reserve Bank of India has also cautioned citizens, saying that any user, holder, investor, or trader dealing with cryptocurrencies would be doing so at their own risk. Governments across the world are trying to regulate the use of cryptocurrencies, the US Treasury being the latest one to call to coordinated action.

Social media giant Facebook has also banned the advertising of cryptocurrencies on its platforms, saying that these “financial products and services that are frequently associated with misleading or deceptive promotional practices”.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



India and US come to terms on how to deal with the equalisation levy in light of the impending Global Tax Deal.


Find out how people’s health data is understood to have value and who can benefit from that value.


The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ