by DeathArrow 1327 days ago
Dumb question about WASM. How do we know the app isn't mining crypto on our hardware? It's not like we can inspect the source.
2 comments

You can't really inspect the source of most modern JS web apps without deobfuscation tools. Similar tools exist to disassemble WASM binaries and turn them into something readable.

Specifically for finding crypto miners, web requests will be an obvious sign of something fishy happening. You can see everything in the network inspector and if the binary uses some kind of additional encryption of requests, you should assume it's malicious.

Same way you know if any desktop app is mining crypto. You’ll be able to guess based on resource usage, and you can still decompile the WASM module.
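Added example, not part of the thread: a WASM module has no network or I/O of its own and reaches the host only through its imports, so listing those imports, then stubbing them to record calls, shows what a module can ask the page to do. The sample bytes and the names `listHostSurface` and `traceHostCalls` are constructed for this illustration; `WebAssembly.Module.imports` and `WebAssembly.Module.exports` are the standard JavaScript API.

```javascript
// Constructed sample module (not from any real site): imports env.send and
// env.now, exports run(), and run() calls now() then send().
const SAMPLE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, // magic + version
  0x01, 0x04, 0x01, 0x60, 0x00, 0x00,             // type 0: () -> ()
  0x02, 0x16, 0x02,                               // import section, 2 entries
  0x03, 0x65, 0x6e, 0x76, 0x04, 0x73, 0x65, 0x6e, 0x64, 0x00, 0x00, // env.send
  0x03, 0x65, 0x6e, 0x76, 0x03, 0x6e, 0x6f, 0x77, 0x00, 0x00,       // env.now
  0x03, 0x02, 0x01, 0x00,                         // one local function, type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x02, // export "run" = func 2
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x10, 0x01, 0x10, 0x00, 0x0b, // call now; call send
]);

// Static view: everything the module can ask the host for, without running it.
function listHostSurface(bytes) {
  const mod = new WebAssembly.Module(bytes); // compiles only, executes nothing
  return {
    mod,
    imports: WebAssembly.Module.imports(mod).map(i => `${i.kind} ${i.module}.${i.name}`),
    exports: WebAssembly.Module.exports(mod).map(e => `${e.kind} ${e.name}`),
  };
}

// Dynamic view: replace every imported function with a stub that records the call.
// Assumption: all imports are functions whose results can be ignored (true for the sample).
function traceHostCalls(mod, entry) {
  const calls = [];
  const importObject = {};
  for (const { module, name, kind } of WebAssembly.Module.imports(mod)) {
    if (kind !== "function") throw new Error(`unsupported import kind: ${kind}`);
    importObject[module] = importObject[module] || {};
    importObject[module][name] = (...args) => {
      calls.push(`${module}.${name}(${args.join(", ")})`);
    };
  }
  const instance = new WebAssembly.Instance(mod, importObject);
  instance.exports[entry]();
  return calls;
}

const surface = listHostSurface(SAMPLE);
console.log(surface.imports, surface.exports);
console.log(traceHostCalls(surface.mod, "run"));
```

In a real page the imports are usually glue functions generated by the toolchain, so the import list tells you which JavaScript wrappers to read next rather than naming `fetch` or `WebSocket` directly.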