Crypto miners: now in Chrome extensions

Not so long ago, on Geektimes , news was published about the attempt of The Pirate Bay team to monetize its resource using the miner code posted on the tracker pages. This practice seems to be becoming increasingly popular. The other day there was information that the SafeBrowse extension for Chrome contains a crypto miner in its code. The number of users of the extension is 140,000, so the profit received by those who placed the code should be solid.

As in the case of The Pirate Bay, the miner specializes in obtaining Monero anonymous cryptocurrency . No users have received any notification about the new expansion feature. Actually, miners of this kind do no harm to anything. But they consume the resources of the machine on which the web page with the code is loaded, which means that they disrupt the normal workflow. In the case of a regular user, this is simply unpleasant. But if all this works within the network of the corporation, then we can already speak about a serious loss (inefficient work, resource consumption, etc.).

Alert users of the application almost immediately discovered the problem. Mainly due to the fact that the work of their PC has noticeably slowed down. True, the word “slowed down” here. The miner loads the system so much that the computer is unable to perform the necessary functions. More on this will be discussed below.
')

Also, the presence of the code is easily detected when viewing the source of the extension. The miner is called Coinhive JavaScript Miner , this is a browser implementation of the CryptoNight algorithm, which is used to generate a number of cryptocurrencies, including Monero, Dashcoin, DarkNetCoin.

Users have already published screenshots of the extension source code.


After the extension is activated, the miner starts working in the background, using a decent amount of the victim's computer resources. The miner works on all machines where there is Chrome with the appropriate extension. Miner version - 3.2.25. At the same time, it is interesting that the Chrome browser works in auto-update mode. Therefore, even those users whose expansion has not yet been affected by the miner will receive a gift in the coming days or hours.

Media journalists Bleeping Computer tested the influence of the plugin and miner. As expected, the latter began to consume a lot of resources, as can be seen in any program analyzing the operation of computer systems, including the Task Manager.


Chrome also has a task manager, and it shows that the expansion uses about 60% of the CPU resources.



If those who had inserted the miner’s code had envisaged the possibility of reducing the gluttony of the extension, then users, perhaps, would not understand what was the matter. But the miner is so active that after launching with an infected plugin, even the notorious Task Manager hangs.

SafeBrowse is still available in the Web Store. The journalists managed to get in touch with the authors of the extension, and they said that for them all that was said was a complete surprise: “Unfortunately, we don’t know anything about it, it’s probably hacking. So far we are studying the situation. We have already warned the Google team. The expansion has not been updated for more than a month, so we don’t know yet what the problem is. ”

At the time of this writing, the problem has not yet been resolved, so if you have this plugin installed, the latest version, and suddenly the computer started to slow down, then you know what the problem is. It is necessary to think that this issue will soon be decided, yet it has become too much for both individual users and the media to voice it.

In principle, you can get rid of crypto miners using another extension, for example, AntiMiner . In addition, the usual uBlock with default subscriptions also blocks such things, so if this extension is installed, third parties can not be used. In addition, most crypto liners for browsers work in JavaScript, so you can install a script blocker, which also solves this problem.

A few hours ago , an article was posted on Habré about the next cryptomaner installed on a regular site. Also very interesting in the light of all the above.