Popular Chrome Extension Embedded A CPU-Draining Cryptocurrency Miner

An anonymous reader writes: SafeBrowse, a Chrome extension with more than 140,000 users, contains an embedded JavaScript library in the extension's code that mines for the Monero cryptocurrency using users' computers and without getting their consent. The additional code drives CPU usage through the roof, making users' computers sluggish and hard to use.

Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is the same technology that The Pirate Bay experimented with as an alternative to showing ads on its site. The extension's author claims he was "hacked" and the code added without his knowledge.

On a desktop it makes sense

[rsilvergun]

the cost of the electricity is pretty minimal. I think the main thing is to limit how much CPU it uses. Maybe if you could get it to run on an empty core. Lord knows there's a ton of unused processor power out there. I'm posting this on a quad core where 3 out of 4 cores are doing basically nothing 90% of the time.

Re:On a desktop it makes sense

[LordKronos]

the cost of the electricity is pretty minimal.

My computer at idle uses about 70 watts. At full load, it uses about 175 watts. Over the course of a year, the cost of that difference is typically at least $100 (several times that in some areas).

But even if you only have your computer running this for an hour a day, what even worse is how much a waste it is. Mining is very intensive. GPU and specialty hardware is sometimes profitable. CPU mining with optimized native code is NOT. CPU mining with something as inefficient as javascript is totally like flushing money down the drain. Sure, it's profitable for the thieves embedding this in banners and extensions because they have no investment in the cost (in the same way that it's profitable for a thief to smash a $100 window to grab the $5 bill you left on you seat). But as a means of "you run this code on your computer and I'll consider it payment", its a gigantic waste. You're better off just saying "paypal me 3 cents and I'll let you use my stuff for a year". Your profit will be about the same off that customer, the customer will save a ton of money, and you won't be destroying the environment in the process.