Slashdot Mirror

← Back to Stories (view on slashdot.org)

Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner (bleepingcomputer.com)

Posted by ryuzaki0 on from the yours-and-mining dept.

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use.

Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension's author claims he was "hacked" and the code added without his knowledge.

5 of 76 comments (clear)

  1. Though wrong in this case... good model? by RhettLivingston · · Score: 2, Insightful

    This hack was clearly wrong, but is the idea of intentionally using a cryptocurrency miner to profit from the writing of an extension a wrong one?

    I think it would be interesting for websites and extensions to expand to giving a choice of at least three ways of paying for premium access. We already have a choice between paying a monthly fee or accepting advertisements on many sites. If given a third choice of allowing some of my CPU time to be utilized by the site or extension for cryptocurrency mining - at least on my plugged in laptop - I would choose to allow mining as long as it didn't peg my CPU and it was good at backing off when I had real needs.

    In fact, with many websites I would love to have the option of allowing cryptocurrency mining to pay for it. It would be great if an efficient miner was built into the browser that could be utilized via some standard and has solid permission protection.

    1. Re:Though wrong in this case... good model? by Solandri · · Score: 4, Insightful

      If given a third choice of allowing some of my CPU time to be utilized by the site or extension for cryptocurrency mining

      That's the same thing as paying for the extension, except instead of paying for it directly, you're paying for it indirectly via a higher electric bill. I (and I think anyone who really thinks this through) would rather pay a one-time fee to purchase the software/extension/access, instead of paying continuously for it every time I'm using my browser via a higher electric bill which works out to an indeterminate total sum.

      Even if you're not paying for your electricity directly (your rent includes utilities), you still end up paying for it. If the landlord notices the electric bill is consistently higher, he'll just make your next rent increase a little higher. So you'll be paying a higher rent which pays a higher electric bill which pays for the software/extension/access. Burying expenses in this way under multiple layers of misdirection is how you nickle and dime people to death, and thwarts normal market forces by hiding the true cost of buying/using something.

      If you don't like how much it costs to buy certain software or access, don't use it.

    2. Re:Though wrong in this case... good model? by Alain+Williams · · Score: 3, Insightful

      In fact, with many websites I would love to have the option of allowing cryptocurrency mining to pay for it. It would be great if an efficient miner was built into the browser that could be utilized via some standard and has solid permission protection.

      Shhhh! Don't let Apple or Microsoft hear you. They already think that they own your PC/phone and can monetise it as they see fit. They could make a lot of money from crypto-currency mining on millions of machine world wide.

    3. Re:Though wrong in this case... good model? by Hognoxious · · Score: 4, Insightful

      Companies don't hire people because they're making a profit. They hire people when, despite the threats & floggings, the existing workforce can't do the work needed.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. Another Reason to Avoid Apps Whenever Possible by Anonymous Coward · · Score: 2, Insightful

    Further illustrates the risk of downloading any app. Even an app that's trusted today could become something entirely different after an update. To make matters worse, many smartphones are configured to update apps automatically. Though, even manual updating is no panacea, since often such security issues don't come to light until months later, if ever. So again, it's best to avoid apps whenever possible. Uninstalling or disabling apps not being actively used.