Google pulls crypto-mining Chrome extension Archive Poster

Martin Brinkmann
Dec 30, 2017
Updated • Dec 30, 2017

Google removed Archive Poster from the Chrome Web Store the other day after reports emerged that the extension abused user devices to mine crypto-currency.

Archive Poster was built to improve Tumblr, a popular blogging site. It allowed users to run actions -- reblog, queue, draft or like -- from blog archives.

Archive Poster had more than 105,000 active users and a near perfect rating before Google pulled the extension from the official Chrome Web Store.

Bleeping Computer reports that the extension's behavior changed in early December when users started to leave one-star comments which confirmed that the extension was mining crypto-currency after the latest update.

The extension used the Coinhive JavaScript miner, which mines Monero in the background while Google Chrome is running.

This all happened without the need to request extra permissions to run mining operations in Chrome. The extension loads a file from an external URL that contains the Coinhive mining code.
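
A defender can look for this pattern in an unpacked extension before trusting an update. The following is an added example, not code from Archive Poster or from the article: it flags a Manifest V2 `content_security_policy` that lets extension pages run scripts from outside the package, and packaged scripts that name a remote `.js` URL. The article does not say how the file was fetched, so both checks, the function names and the `cdn.example.invalid` host are assumptions.

```javascript
// Added example: heuristic audit of an unpacked extension for script code
// fetched from outside the package. All inputs below are constructed.

// Split a CSP string into { directive: [sources] }.
function parseCsp(csp) {
  const out = {};
  for (const part of String(csp || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) out[name.toLowerCase()] = sources;
  }
  return out;
}

// Manifest check: any script source that is not a quoted keyword ('self',
// 'none', a hash) is a host or scheme outside the package; also flag eval.
function auditManifest(manifest) {
  const csp = parseCsp(manifest.content_security_policy);
  const sources = csp['script-src'] || csp['default-src'] || [];
  const findings = [];
  for (const src of sources) {
    if (src === "'unsafe-eval'") findings.push('csp-unsafe-eval');
    else if (!src.startsWith("'")) findings.push(`csp-remote-script:${src}`);
  }
  return findings;
}

// Source check: quoted absolute http(s) URLs that end in .js.
function auditSources(files) {
  const re = /["'`](https?:\/\/[^"'`\s]+?\.js(?:\?[^"'`\s]*)?)["'`]/gi;
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    for (const m of text.matchAll(re)) findings.push(`remote-js:${name}:${m[1]}`);
  }
  return findings;
}

function auditExtension(manifest, files) {
  return [...auditManifest(manifest), ...auditSources(files)];
}

// Constructed sample: relaxed CSP plus a background script that loads a remote file.
const sampleManifest = {
  manifest_version: 2,
  content_security_policy: "script-src 'self' https://cdn.example.invalid; object-src 'self'",
};
const sampleFiles = {
  'background.js': "var s = document.createElement('script'); s.src = 'https://cdn.example.invalid/lib.js'; document.head.appendChild(s);",
  'popup.js': "document.title = 'ok';",
};
console.log(auditExtension(sampleManifest, sampleFiles));
```

A clean result is not proof of safety: a URL that is assembled at runtime does not appear as a string literal, so this check complements a review of what the extension actually requests over the network.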

Users of the extension reported it to Google for malicious behavior with reports going back to early December 2017.

A user reported the extension on the official Google Chrome Help forum asking for assistance from Google. The user was told that he should "get in touch with the extension developer for further assistance", or "report the extension".

It took Google almost a month to remove a misbehaving Chrome extension from the Web Store that abused Chrome user devices to mine crypto-currency.

Affected users can remove the extension from the web browser on chrome://extensions/.

This is not the first incident of its kind. The first Chrome extension with JavaScript crypto-mining functionality was exposed back in September 2017.

Update: PC Mag reports that Essence Lab, the company responsible for the extension, stated that it was hijacked.

Closing Words

It is bad enough that crypto-mining extensions and other malicious extensions land in the official Chrome Web Store regularly. Google uses an automated system to determine whether extensions are safe or not. This system is flawed, as reports about malicious browser extensions for Google Chrome come to light regularly.

The only other defense, if you want to call it that, is user reports. We have seen this again and again: a malicious extension slips by and lands in the Store, users download it and start to report it eventually.

Google eventually removes the extension from the Store, but never immediately. Malicious code can also be added to existing extensions, for example when extensions get hacked, or when companies buy popular browser extensions.

Google needs to change its verification system so that users of the Chrome browser do not lose trust in the browser's whole extension ecosystem.

Mozilla recently changed its system from manual inspection, which vets Firefox extensions before they land in the Store, to a publish-first, test-manually-later system.


Comments

  1. TelV said on December 31, 2017 at 1:41 pm

    It’s not the first time it’s happened and probably won’t be the last: https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/

    Trend Micro reported miners on the Google Play Store back in September as well: http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/

    But since Google Chrome has become the dominant player in the browser wars and Android is the king of the mobile market I guess they take the view that it doesn’t matter that much if a few thousand users get burned occasionally.

  2. DVDRambo said on December 30, 2017 at 6:14 pm

    Google’s customer service really fell flat here. They should not have told a user to contact the extension developer, since that was the bad actor in this case. They often lack common sense.

  3. Yuliya said on December 30, 2017 at 5:35 pm

    Chances are you deserve a crypto-currency miner sneaked into your device if you browse tumblr! (:

  4. crambie said on December 30, 2017 at 5:11 pm

    Another bad way ff has become a 2nd rate chrome clone.

    1. Kubrick said on December 30, 2017 at 5:51 pm

      What on earth has Mozilla got to do with this?
      This is about the chrome web store.

      1. poe said on December 30, 2017 at 6:20 pm

        Mozilla Addon site now also behaves like Chrome Web Store. No need for verification to put addons. Now Mozilla AMO is full of crap addons. Ghacks and other sites made a news about this, click on the link in the last paragraph above for details.

  5. Keza_BE said on December 30, 2017 at 3:38 pm

    Go Mozilla…. :)
