Chrome crypto-mining extension discovered

A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users’ computers by secretly mining for virtual cash.

The SafeBrowse plugin claims to let you surf the web without the nuisance of wasting time, waiting for annoying advertising pop-ups to disappear so you can, for instance, get your hands on a free download.

What you may not realise, however, is how SafeBrowse’s authors are planning to make money out of your use of their ostensibly “free” tool. That’s because the browser extension automatically mines for digital cryptocurrencies as it runs in your background.

As Ghacks reports, if you have enabled SafeBrowse in your Chrome browser it will run continuously in the background, running crypto mining code from Coin Hive.

The typical user, however, may have no idea as what has occurring, and may not link their installation of the SafeBrowse extension with the fact that their computer’s central processor is now being kept busy making complex mathematical functions to generate income for the extension’s creator.

Ghacks reporter Martin Brinkmann believes this is the first ever example of a Chrome extension that engages in crypto-mining, but my guess is that it won’t be the last. Other developers will no doubt attempt to take advantage of the technique to make money out of the computers that their code is being run on.

mining-code

Just this week, Pirate Bay got into hot water when it was discovered that it had added a JavaScript-based cryptocurrency miner to its website.

The question is this – are you happy for third-party code to mine for cryptocurrency on your computer without your permission?

My belief is that most people would prefer to know, and be required to give their explicit permission, rather than for a software engineer to assume they have free reign to do what they want. Especially when there can be an impact on system resources, such as the CPU.

Certainly, judging by the most recent reviews of SafeBrowse, many users appear to be in agreement with me, with some claiming that after installing the extension their CPU usage leapt up to 70%.

It’s clear to me that, just like the Android app store, Google could be doing a better job of policing its official Chrome Web Store. If it fails to get a handle on things, chances are that we will see many more coders exploit the unsuspecting browsers of internet surfers.

 

Originally published 20/9/17: https://hotforsecurity.bitdefender.com/blog/first-ever-crypto-mining-chrome-extension-discovered-18992.html

Leave a Reply

Your email address will not be published. Required fields are marked *