Cryptomining will stop on Chrome – malicious or not
On April 2nd, Google announced that it is banning all cryptocurrency mining extensions from the Chrome Web Store, including those designed solely for that purpose. Additionally, Google promised to remove all existing extensions by the end of June.
Previously, Google allowed digital currency miners as long as mining was their sole purpose and every affected user was properly informed. While many users agree to offer some of their CPU power in order to browse websites ad-free, cybercriminals managed to abuse this allowance and hide crypto-miners inside “useful” extensions.
One such cryptojacking example is Archive Poster, a popular Google Chrome extension used by millions of users. Allegedly, its purpose was to manage Tumblr posts. However, the malicious app was discovered to be secretly mining the Monero digital currency at the expense of all its victims.
The well-known torrent site The Pirate Bay was accused of popularizing crypto mining extensions last year in order to monetize unsuspecting users. Since then, the abuse has peaked as crooks tried to increase their profits by exploiting victims’ CPU power.
Google took a step further
Google Chrome has been the most successful browser in recent history, peaking in popularity at over 60% preference from users. As 2018 progresses, Chrome shows no sign of stepping down. Thus, it is not surprising that Google is taking action to protect the millions of users whose CPU resources are illegally drained by crooks.
Google has banned malicious cryptojacking extensions in the past. However, with the new policy in effect from Monday, no crypto miners will be allowed into the Chrome Web Store, including the previously permitted ones. To justify the ban, James Wagner, Extensions Platform Product Manager, stated:
<…>Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.
Google noted that extensions are a powerful tool allowing users to make the most out of their browser. However, the company finds it unacceptable that malicious software developers abuse the system and expose users to hidden risks.
Cryptojacking might still not be prevented completely
Cryptojacking affects not only regular users but high-profile organizations, too. A Russian nuclear facility has been reported to be affected by a cryptojacking extension that compromised several supercomputers at the plant. Additionally, Tesla, Google’s DoubleClick ad service, and various governmental websites were affected by the same problem.
The crypto mining ban came soon after Google first announced that it would remove all advertisements linked to cryptocurrency. Furthermore, the internet giant was not the first to do so: social media platforms like Twitter and Facebook made that announcement beforehand.
While the attempt to remove all cryptominers from Chrome is praiseworthy, it might still not be enough to eliminate the threat altogether. Malware developers are known to evolve their scripts and successfully hide the mining capabilities of an extension.
Thus, we advise users to check their CPU usage from time to time and take action as soon as suspicious activity is detected. After all, cryptojacking might lead to permanent hardware damage.