Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Catalin Cimpanu, reporting for BleepingComputer: A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open. Named "Archive Poster," the extension is advertised as a mod for Tumblr that allows users an easier way to "reblog, queue, draft, and like posts right from another blog's archive." According to users reviews, around the start of December the extension has incorporated the infamous Coinhive in-browser miner in its source code.

Affiliate links

[110010001000]

That is really underhanded. It is like posting affiliate links to unrelated Amazon stuff.

charge the authors with theft

[Ritz_Just_Ritz]

If the extension is surreptitiously stealing your cpu cycles and electricity to perform an activity that the authors did not explicitly ask permission, I would say that meets the definition of theft. File a criminal complaint and let the authorities chase them around.

Re:And Firefox just moved to this extension model?

[MightyYar]

Security is one justification, but the real problem is that the old extension model allowed extensions to hook into every part of the GUI. This meant that any change to the GUI at all could potentially break an extension. They tried patching this by keeping track of what version an extension was developed against, but in the end they felt that the system was fundamentally broken and was holding the whole project back. Personally, I share your frustration as the new model can't even accommodate seamlessly shifting the tabs over to the side, or adding a button to pop open the password manager. I'm hoping they continue to add capability.

Re:And Firefox just moved to this extension model?

[jbmartin6]

More secure isn't the same as perfect security and no one claimed it was, so your approach of taking one failure and concluding that the whole model isn't any better than the previous one fails the logic test. Unfortunately, since browsers are so capable and widely used, a browser extension is essentially just an additional application with all the threats that confers. If you install a crappy extension, you will get crappy results. The defense is to vet your browser extensions as carefully as you do your applications. P.S. all the Firefox extensions I use work fine on the new model.