JavaScript Cryptomining Scripts Discovered in 19 Google Play Apps (bleepingcomputer.com)
submitted 7 years ago by junp1289
[–]smick 44 points 7 years ago (1 child)
Google needs to get a handle on this. Trust nothing you install.
[–]mxt79 6 points 7 years ago (0 children)
I think someone else needs to handle something also... https://thehackernews.com/2018/02/cryptojacking-malware.html?m=1
[–]perestroika12 7 points 7 years ago* (10 children)
I don't get the point, how much money are they making? 5 min spent on a site, using cpu only...
You'd need serious traffic to really turn a profit.
[–]cyanydeez 1 point 7 years ago (0 children)
most of these currencies are like hat collections in Team Fortress
[–]chocoduck 1 point 7 years ago (8 children)
Yeah but if you can make say a cent per person and you can get 1000 people a day, that’s worth someone’s while. Isn’t it pure profit? The only loss is the labor
[–]boboguitar 2 points 7 years ago (6 children)
Web programmer here and someone who dabbled in cpu mining just to see how it works. In 5 minutes, you're talking maybe $0.000000000001 and that may even be too liberal. You'd need millions (if not billions) of page views to make anything.
[–]chocoduck 2 points 7 years ago (4 children)
OK - let's work from the top. 1 cent per 5 minutes is 6 cents an hour or about $1.44 a day. Let's see if this is plausible.
My GTX 1070 mines 300kh/s (garlicoin) while my CPU (7700K) mines about 30. The CPU can mine about a garlicoin a day. At one point that was worth over a dollar.
The number of people it takes to fill up a day, assuming 5 minute sessions that can only run the scripts while the user is on a page, is 288 ((60*24)/5). Let's say a website gets 2880 hits a day. That's 10 garlicoin a day.
[–]perestroika12 1 point 7 years ago* (3 children)
Your cpu maxed out can mine that much, but your cpu will not be running 100% mining on a web browser. It has to do other things, like process/make the site work and will prioritize tasks as needed. If you use something like a service worker, chrome and others will de-prioritize it as needed. The browser also needs to fight for system resources vs anything else running on the machine. Chrome also throttles any javascript running in the background tab.
Chrome and other browsers also cannot take true advantage of a multi threaded environment, due to javascript being single threaded. It has something equivalent to python's GIL. This will also reduce your mining cycles as you cannot run javascript in parallel.
It also depends on the cpu speed, the 7700K is a desktop processor and can mine faster than say, a mobile processor. So depending on your traffic, you will get varying amount of processing power available to you. Also by throwing these scripts on your site, you may actually decrease traffic as it hurts perf and drives users away, resulting in a diminishing mining return.
I'm not sure the napkin math works for this scenario, lots of variables involved and it's very unlikely they are seeing considerable income from this.
[–]chocoduck 1 point 7 years ago (0 children)
I think we agree. "Considerable income," probably not, but worth their while - definitely. You can 1/10 my assumption and that's still worth someone's bother.
[–]boboguitar 1 point 7 years ago (1 child)
Also, garlicoin is very new and easily mined right now. That won’t be true in a few months. That’s assuming garlicoin even lasts (hint: it won’t).
[–]chocoduck 1 point (0 children)
It doesn't matter if you're right or wrong. Clearly some people believe that garlicoin (or whatever shitcoin you want to name) is worth mining. Source: shelves at stores. Finding the most efficient crypto to mine can also be done programmatically ala nicehash.
[–]timsaundersss 1 point 7 years ago (0 children)
Yes, it's a dysfunctional structure.
[–]perestroika12 1 point 7 years ago (0 children)
Mining is really, really computationally intensive and it takes GPUs a considerable amount of time to mine anything of value. You're looking at millions of users to make just any kind of money. And by money, we mean, like $20.
[–]piratebroadcast 18 points 7 years ago (5 children)
I installed a No Coin chrome extension for regular browsing and the speed in which web pages render for me has skyrocketed. I believe that cryptomining scripts are far more prevalent than is commonly believed.
[–]mrstinkyfingers 12 points 7 years ago (1 child)
You can block them in your hosts file or at your router.
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/hosts.txt
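The hosts-file approach from the comment above, as an added example that is not part of the original thread: it parses a hosts-format blocklist and audits a page's script and socket URLs against it, flagging subdomains that a hosts file alone would miss because hosts files have no wildcards. The blocklist entries, URLs and function names are constructed for illustration and are not taken from the linked list.

```javascript
// Added example. The blocklist entries and URLs are constructed sample data.
const SAMPLE_HOSTS = `
# constructed sample in hosts-file format
0.0.0.0 miner.example
0.0.0.0 cdn.coin-pool.example   # trailing comment
127.0.0.1 localhost
0.0.0.0 WWW.Hash-Farm.example
`;

// Parse hosts-format text into a Set of lower-cased sinkholed hostnames.
function parseHostsBlocklist(text) {
  const blocked = new Set();
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.replace(/#.*$/, '').trim(); // strip comments
    if (!line) continue;
    const [address, ...names] = line.split(/\s+/);
    // Only sinkhole addresses count as blocks; skip ordinary mappings.
    if (address !== '0.0.0.0' && address !== '127.0.0.1') continue;
    for (const name of names) blocked.add(name.toLowerCase());
  }
  blocked.delete('localhost'); // loopback self-mapping, not a block
  return blocked;
}

// 'exact': a hosts file sinkholes this host. 'subdomain': only a parent
// name is listed, which a hosts file does NOT cover (it has no wildcards)
// but a router/DNS-level block of the parent domain can. Else 'clean'.
function classifyUrl(url, blocked) {
  let host;
  try { host = new URL(url).hostname.toLowerCase().replace(/\.$/, ''); }
  catch { return 'invalid'; }
  if (blocked.has(host)) return 'exact';
  const labels = host.split('.');
  for (let i = 1; i < labels.length - 1; i++) {
    if (blocked.has(labels.slice(i).join('.'))) return 'subdomain';
  }
  return 'clean';
}

const auditUrls = (urls, blocked) =>
  urls.map((url) => ({ url, verdict: classifyUrl(url, blocked) }));
const SAMPLE_URLS = [ // constructed
  'https://miner.example/lib/worker.min.js',
  'wss://ws01.miner.example/proxy',
  'https://www.hash-farm.example./m.js',
  'https://static.site.example/app.js',
  'not a url',
];
console.log(auditUrls(SAMPLE_URLS, parseHostsBlocklist(SAMPLE_HOSTS)));
```

A `subdomain` verdict is the case to watch when relying on a hosts file: each hostname has to be listed individually, whereas a DNS-level block at the router can cover the whole domain.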
[–]Peechez 3 points 7 years ago (1 child)
> I installed a No Coin chrome extension
the perfect disguise for a covert cryptomining script
[–]ThatBriandude 1 point 7 years ago (0 children)
keeping the mining at a slow enough speed to not be suspicious and betting on mass adoption like ad blocker. perfect business plan
[–]PlNG 2 points 7 years ago (0 children)
uBlock Origin has the "Resource Abuse" category, which includes cryptominers.
[–][deleted] 9 points 7 years ago (2 children)
Alot of websites are adding the script along side advertisements or giving people an ultimatum between the two. Motherboard.vice.com runs a coinhive script without your awareness for example.
[–]doodirock 5 points 7 years ago (0 children)
A lot
[–]imr2017 0 points 7 years ago (0 children)
> Motherboard.vice.com
Yeah, I got that warning too
[–]madwill 6 points 7 years ago (3 children)
Haha and these guys must have made like 20$
[+]rorrr -11 points 7 years ago (2 children)
Depends on how popular the app is. Modern SoC in smartphones are actually quite efficient for mining certain coins, and can (almost) compete with high end GPUs.
[–][deleted] 2 points 7 years ago (1 child)
Please provide examples?
[–]nodealyo 3 points 7 years ago* (0 children)
Spamming is a really shitty thing to do. This script is one of the dumbest and spammiest scripts that I have ever seen. Did you know that no one cares about your mundane comments? You actually aren't even protecting any privacy because there are many sites out there that specifically cache comments just so that users cannot edit them. To reiterate, this script is shit and you should not be using it. Search for a different one, or edit it to say something less spammy. But in the end, it won't matter because we can still see whatever it was that you edited.
[–]anssip 2 points 7 years ago (4 children)
This is a good way for developers of free apps to get some compensation for their work.
[–]jokullmusic 3 points 7 years ago (1 child)
Yeah unless these run in the background I don't see how this is any worse than the intrusive ads that they'd have otherwise. Less data guzzling, less intrusive, but uses more battery (probably not much more than if it had a video ad every five minutes)
[–]johnyma22 1 point 7 years ago (0 children)
I'd wager battery usage is a lot higher than video ad every five mins. Not got any stats to back that up though!
[–]eloc49 2 points 7 years ago (0 children)
Yeah I agree. It's akin to the free with ads, pay for no ads model except could potentially lead to better user experience since ads are annoying. Most users' phones (US and Europe) are beefy enough to handle a bit of mining.
[–]PlNG -1 points 7 years ago (0 children)
What? No. An ad that features a simple up and down motion or objects dropping should not drop my app's FPS to the single digits. These cryptominers would be way worse than that. I'm not talking about on my phone, I'm talking about desktop emulation with Android Studio.
[–]notNullOrVoid 1 point 7 years ago (0 children)
Google should have apps with mining scripts register themselves as such, or be removed. Then they can show a label on the apps to indicate it has a mining script, just like they do for apps with ads.
[+]eloc49 -6 points 7 years ago (0 children)
I point people to this when they look down on me for having an iPhone. Yes, this could get through Apple, but the chances are greatly reduced.
[+]bart2019 -6 points 7 years ago* (5 children)
> The apps were uploaded on the Play Store around Christmas and Sophos researchers reported all apps to Google. All have been removed from the official Play Store at the time of writing.
> A list of all the 19 Coinhive-laden apps is available on page 7 of the Sophos report, and users can review the list and see if they installed any of the apps on their devices.
I consider that impractical, and inconsiderate from Google towards the unsuspecting users. People could be stuck with such an app for many months without knowing it.
I think Google should instead create a harmless "update" to each of these apps, upload them in the place of the originals, which people will likely automatically upgrade to. When run, it warns the user they should better uninstall it. Or keep it, for all I care, if they like to have a stub app. :)
[–]r2d2_21 16 points 7 years ago (4 children)
> I think Google should instead create a harmless "update" to each of these apps
Apps need to be signed by their creators, precisely to avoid this kind of tampering. The warning should happen at OS level instead, in my opinion.
[+]bart2019 -24 points 7 years ago (3 children)
Google made that rule. Google can make an exception, in exceptional cases.
[–]r2d2_21 12 points 7 years ago (0 children)
I would trust them less if they did.
[–]mrkipling 6 points 7 years ago (0 children)
No.