
Google Chrome extension caught mining Monero with the user's processor


Earlier this month, CCN reported on The Pirate Bay's efforts to use visitors' CPUs to mine Monero in order to monetize site traffic. The torrent index used Coinhive, a piece of JavaScript code that allows website administrators to mine the anonymity-focused cryptocurrency using the visitor's resources.

Since The Pirate Bay used the code, various bad actors have seized the opportunity and started using people's processors to mine cryptocurrency without asking for their consent. Recently, a Google Chrome extension called "Short URL (goo.gl)" was caught using the JavaScript code by Node.js software engineer Alessandro Polidori.

Polidori was alerted by his network's security tools and decided to dig a little further into the extension. He discovered that it was downloading and running a file named cryptonight.wasm from Coinhive to secretly mine cryptocurrency.

The plugin's developers did not mention the presence of the cryptocurrency miner in the URL shortener and, as such, Polidori decided to make sure that nothing had been tampered with and installed it on a new instance of Chrome. He discovered that, once again, his CPU usage was 95% each time Chrome was opened. He declared:

"To avoid any doubt that my installation might be corrupted, I tried to install the extension on a new instance of Chrome. Unfortunately, I got the same result, so we can conclude that it was intentionally designed."

The extension had nearly 15,000 downloads when Polidori found the miner in it, and he promptly informed Google so that it would be removed from its market. Using the visitor's processor power to mine Monero is not, in itself, malicious, but using it without the user's consent is. On various forums, users have stated that they would be happy to donate their CPU power – probably not 95 percent – to get rid of advertisements on the websites that they visit.


The popularity of website mining explodes

Last month, another Google Chrome extension called "SafeBrowse" was also removed from the market because it was using another cryptocurrency miner. Hackers have already been able to infiltrate websites – including popular CBS-owned Showtime websites – to include the Coinhive code and reap the profits.

Responding to criticism, Coinhive – which is often used for legitimate purposes – began to develop a new Monero miner, AuthedMine, which first asks the user's permission before mining, instead of doing it secretly. The organization's mining code has become so popular that a competitor, Crypto-Loot, has emerged and actively advertises that users will not notice its operation and that it can be used without the user's consent. It adds that "we will not tell you how to run your business."

Last month, Kaspersky Lab revealed that 1.65 million computers had been infected with mining malware and placed in massive botnets this year. Security software vendors have already caught on, and Malwarebytes, ad blockers, and anti-virus software have already started blocking the Monero mining code.
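A triage check a defender could run over unpacked browser extensions, searching their files for the strings this article names (Coinhive, cryptonight.wasm, Crypto-Loot, AuthedMine). It is an added example, not code from Polidori or from CCN; the function names, the extensions directory passed in, and the two sample extensions are assumptions constructed for illustration.

```python
import json
import os
import tempfile

# Strings named in the article: the mining services and the WebAssembly file.
INDICATORS = ("coinhive", "cryptonight.wasm", "crypto-loot", "authedmine")


def scan_extension(ext_dir):
    """Return (display name, sorted indicators) for one unpacked extension."""
    name, hits = os.path.basename(ext_dir), set()
    for folder, _dirs, files in os.walk(ext_dir):
        for fname in files:
            if fname.lower() in INDICATORS:  # miner binary shipped in the package
                hits.add(fname.lower())
            if not fname.lower().endswith((".js", ".json", ".html")):
                continue
            with open(os.path.join(folder, fname), encoding="utf-8", errors="ignore") as fh:
                text = fh.read()
            if fname == "manifest.json":
                try:
                    name = json.loads(text).get("name", name)
                except (ValueError, AttributeError):
                    pass  # unreadable manifest: keep the directory id
            hits.update(i for i in INDICATORS if i in text.lower())
    return name, sorted(hits)


def scan_profile(extensions_root):
    """Map each flagged extension's name to the indicators found in it."""
    dirs = (os.path.join(extensions_root, d) for d in sorted(os.listdir(extensions_root)))
    results = (scan_extension(d) for d in dirs if os.path.isdir(d))
    return {name: hits for name, hits in results if hits}


def build_constructed_profile():
    """Constructed sample input: one clean and one miner-carrying extension."""
    root = tempfile.mkdtemp()
    samples = {"aaaa": ("Clean Notes", "console.log('hi');"),
               "bbbb": ("Constructed Shortener", "fetch('lib/cryptonight.wasm'); // coinhive")}
    for ext_id, (name, script) in samples.items():
        version_dir = os.path.join(root, ext_id, "1.0_0")
        os.makedirs(version_dir)
        with open(os.path.join(version_dir, "manifest.json"), "w") as fh:
            json.dump({"name": name}, fh)
        with open(os.path.join(version_dir, "background.js"), "w") as fh:
            fh.write(script)
    return root
```

On Linux, Chrome's default profile keeps unpacked extensions under `~/.config/google-chrome/Default/Extensions`, which can be passed to `scan_profile`. A substring match is a prompt for manual review, not proof of mining, and a miner fetched at runtime from a renamed host will not appear in the package files.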
