Engineer discovers hidden cryptocurrency miner in Google Chrome extension
“Borrowing” CPU horsepower from users to mine cryptocurrency has become common. It”s touted as a way to make money from websites without bothering viewers with ads, but many believe it borders on malware. And for good reason too.
The latest such case was reported by Node.js software engineer Alessandro Polidori. In a lengthy Medium post (picked up by The Register), Polidori shares his experience of coming across a Googe Chrome URL shortening extension carrying a hidden cryptocurrency miner.
The extension used CoinHive“s Monero mining tool which, according to the company”s marketing materials, lets you “monetize your business with your users” CPU power.”
Polidori was alerted to suspicious activity by the Intrusion Detection System in his NethServer installation. Nethserver is an open-source, CentOS-based operating system for Linux enthusiasts.
“Doing an analysis of my machine I”ve found that the process involved in suspected IP connections is Google Chrome, and more specifically is the “Short URL (goo.gl)” extension, whose name is self-explanatory,” Polidori writes.
With 14,390 downloads at the time of Polidori”s writing, the unnamed developer behind the URL shortening extension may have amassed considerable crypto earnings. Two weeks after the engineer reported his findings, the Chrome extension was taken down.
Polidori considers cryptocurrency miners malware, because the mining is not made expressly clear to users.
Embedded cryptocurrency miners are technically not malware. Still, Bitdefender detects and reports cryptocurrency miners, giving users the chance to opt out if they wish.
We reported a similar case a while back involving torrent site The Pirate Bay, which was piloting a program to replace ads with cryptocurrency mining. The Pirate Bay chose CoinHive for its initiative too.
CoinHive, for its part, is extremely transparent about its service and even encourages subscribers to tell their user base that their CPUs are being used to mine Monero. Not all subscribers do that, however.
“The miner itself does not come with a UI â€“ it”s your responsibility to tell your users what”s going on and to provide stats on mined hashes,” reads the CoinHive documentation. “While it”s possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.”
CoinHive pays out 70% of earnings to its users and retains 30% to keep the service alive. It says it has yet to turn a profit.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 27, 2021
July 27, 2021
July 23, 2021