Chrome extension with 105,000 customers is secretly using their PCs to mine cryptocurrency
A Google Chrome extension with over 105,000 users has been secretly using their computing power to mine cryptocurrency.
The free extension, which is still available to download from the Chrome Web Store, does not ask for the user's permission to use their computer's processing power to mine.
Mining is the term given to the production of cryptocurrencies, like bitcoin. Every bitcoin transaction between users is added to the blockchain, a public ledger of every transaction ever made. Transactions are only added once they have been authorized, which is done by computers completing complex mathematical equations; this math work is known as mining, which in turn produces new coins.
In this case, the Chrome extension has been coded to use its customers' computing power to mine valuable cryptocurrency.
Called Archive Poster, the extension claims to be a mod for Tumblr that gives users a way to "reblog, queue, draft, and like posts right from another blog's archive." The extension's secret mining was first reported by Bleeping Computer.
Recent user reviews give the extension just one star, with many calling it out for containing a cryptocurrency miner in the source code. One reviewer, called Ethan Short, said: "Used to be great until now it blasts my CPU mining cryptocurrencies in the background". Another said: "Browser hijacking now enabled. Do not use this extension as it comes loaded with a cryptocurrency mining script."
Despite the negative reviews, the extension holds an average score of 4.5 stars from over 3,400 reviews. According to the Chrome Web Store, the extension has just over 105,000 users. It was last updated on December 28, a day before news first broke of the mining software. The developer, New York-based Queue+, lists no contact details on its website and has not posted to its Twitter account for over two years.
The mining software has been a part of Archive Poster for at least the last four versions, spanning build numbers 4.4.3.994 to 4.4.3.998.
Bleeping Computer reports: "Google doesn't seem to care, allowing the extension to continue to be available on the official Chrome Web Store. A user even reported Archive Poster on the Google Chrome Help Forum, but a Google staffer told the user 'to get in touch with the extension developer for further assistance'."
For now, it is hard to tell if the extension is deliberately mining cryptocurrency, or if it is itself a victim of extension hijacking. Earlier this year, a number of Chrome extension developers were hit by phishing attacks as hackers hoped to gain access to their extensions and inject malicious code into them without the developers or their customers noticing. Malware called Digibot has also been reported to be infecting Facebook Messenger in countries including Vietnam, Thailand and the Ukraine. And the Opera browser has just released cryptocurrency mining protection in its latest beta.
