Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Chrome Privacy Security

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner ( 47

Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named "Archive Poster," the extension is advertised as a mod for Tumblr that allows users an easier way to "reblog, queue, draft, and like posts right from another blog's archive." According to users reviews, around the start of December the extension has incorporated the infamous Coinhive in-browser miner in its source code.
This discussion has been archived. No new comments can be posted.

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Comments Filter:
  • by 110010001000 ( 697113 ) on Friday December 29, 2017 @10:01AM (#55827785) Homepage Journal
    That is really underhanded. It is like posting affiliate links to unrelated Amazon stuff.
  • by Ritz_Just_Ritz ( 883997 ) on Friday December 29, 2017 @10:35AM (#55827949)

    If the extension is surreptitiously stealing your cpu cycles and electricity to perform an activity that the authors did not explicitly ask permission, I would say that meets the definition of theft. File a criminal complaint and let the authorities chase them around.

  • 100k users is nothing, 1million is nothing. Popularity of an extension means nothing if something like this can happen. The auto-update method for extensions is ripe for abuse.
    IIRC, not that long ago places like GitHub were taken over in such the same manner. Trusted applications were suddenly wrapped with malware.

    I don't have a solid answer, but it's something worth looking into.

  • by Anonymous Coward

    So you're telling me there's finally a way to monetize Chrome extensions?

  • and is it useful?

    I bet that if the creator did offer a paid premium version without the mining even at a very reasonable price most users would quietly shutoff and continue using the free mining version....

  • The shit about Yahoo and Tumblr, Yahoo made the small barely standing Tumblr fall and puke, now this too, it encourages users to leave it... Sad to see Tumblr leaving...
  • HOSTS file or set into router. A Chrome Extension site, I've seen this site buried as a redirect hidden by it's ip address

Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein