Yet another extension on the internet browser, Google Chrome, has been found to be mining currency without the knowledge of the user.
A software engineer named Alessandro Polidori said that he noted the use of Coinhive’s popular Monero-mining code on an extension within Chrome. After being alerted by various security features on his computer, he looked into it and found that the extension was running a file to mine currency for the owner of the code.
The code injected by hackers into certain webpages is meant to earn money in the form of coins for the hacker. This piece of code runs in the background, unbeknownst to the user and essentially hijacks their computing power. The coins go back to the hacker and can generate a solid amount of money in not that long of a time.
Polidori stated that “to remove any doubts that any installation could be tampered, I tried to install the new extension to a new Chrome instance. Unfortunately I got the same result, so we can conclude that it was intentionally designed.” Polidori only found out that his computer was mining after seeing his CPU jumped to a staggering 95% workload.
The extension had been downloaded already by about 15,000 people. When Polidori let Google know what was going on, the software was quickly pulled from the extension marketplace. This is similar to what occurred last month, when a Chrome extension known as SafeBrowse (ironically) was found to be harboring a cryptocurrency mining software.
This software is not inherently malicious and has a lot of potential in the market space, but when it is put into malicious software without the user knowing it is occurring, it ends up getting a bad reputation. Hopefully, the malicious intent will slow down, and people will realize the full potential of this to replace advertising in modern websites.