Cryptocurrency Mining Script Coinhive Discovered in Android Apps

Since September 21, the NJCCIC has been alerting members to a new and rapidly growing threat – cryptocurrency mining JavaScript code embedded in websites, draining system resources of unsuspecting visitors and causing web browsers to freeze and crash. Until recently, this threat only affected laptop and desktop computer users. However, researchers at Trend Micro are warning that this threat is now impacting mobile devices as the cryptocurrency miner Coinhive was discovered in Android applications that had previously been available in the Google Play Store. Identified by Trend Micro as ANDROIDOS_JSMINER andANDROIDOS_CPUMINER, these scripts were detected in apps such as Recitiamo Santo Rosario FreeSafetyNet Wireless App, and Car Wallpaper HD: Mercedes, Ferrari, bmw, and audi [sic]. When launched, these apps drain mobile device resources while generating profit for the apps’ developers, often without the knowledge or permission of the users. Mining activity conducted on mobile devices can result in reduced battery life, poor performance, overheating, and the risk of permanent, physical damage to internal components. The NJCCIC assesses with high confidence that this malicious activity will increasingly impact mobile device users as profit-motivated actors seek to generate revenue by embedding these scripts in seemingly legitimate apps and making them available for download via official app stores. We recommend all mobile device users exercise caution when installing mobile apps. Users who notice a negative impact on device performance after the installation of an app should immediately remove it from the device and report the issue to the associated app store.