Most desktop users already run an ad blocker or antivirus that can block these scripts. The same cannot be said for mobile devices, where most users still don’t use an antivirus on a regular basis, nor do they install ad blockers in their mobile browsers.
This is why Trend Micro’s discovery of two apps that deploy a Coinhive mining script is worrisome.
The two apps, now removed from the official Play Store, are named “Recitiamo Santo Rosario Free” and “SafetyNet Wireless App.” Both of these apps deploy a copy of the Coinhive miner inside a hidden WebView browser.
Besides the malicious apps, last week, WordPress WAF providers like Sucuri and Wordfence have both sounded the alarm on an increase in hacked websites altered to deploy cryptocurrency miners, especially Coinhive variants.
The biggest such threat was a threat group detected by Sucuri that has deployed the same script on over 500 WordPress sites.
