Cryptocurrency mining software has been secretly invading PCs through a browser extension in Chrome.
For the past few weeks, the extension called Archive Poster has been mining a virtual currency called Monero over the Chrome browser, without warning computer owners.
Since early December, Archive Poster users have been complaining and giving the Chrome extension bad reviews. Although the mining occurs in the background, it can still hog a computer's resources. As a result, many antivirus vendors are starting to flag the covert activity as a form of malware or adware.
On Friday, the Archive Poster developer Essence Labs confirmed the mining was taking place, but blamed it on a hack.
"An old team member who was responsible for updating the extension had his Google account compromised," Essence Labs said in an email to PCMag.
"Somehow the extension was hijacked to another Google account."
Archive Poster has more than 105,000 users; it's designed to work with Tumblr as a way to reblog archived pages. Tainted versions of the Chrome extension will also load a JavaScript file that'll run cryptocurrency mining software via a users' browser.
At this point, it's not clear who was behind the hack. However, the mining software involved comes from a service called Coinhive, said Troy Mursch, an independent security researcher who examined the Chrome extension's code.
For months now, Coinhive has been offering a Monero miner that anyone can embed into a website. The problem is that hackers have been using the miner too; they've been hijacking websites and other Chrome extensions to install it, with the hope of making serious bank. As of Friday, the price of a single Monero has reached $380, up from a mere $14 a year ago.
Coinhive says it's trying to stop the abuse, but the hacks have continued.
Google did not immediately respond to a request for comment. Essence Labs said it has been working with Google to regain access to the product. "In the meantime we have alerted the users to use a safe version of the extension on a different link," the company said in an email.
Deleting the extension from your Chrome browser can also stop the mining. To do that, access the browser's three dot menu icon, click the "More tools" option, and select "Extensions."
No comments:
Post a Comment