Google Chrome Extension Exposed to Covertly Mine Cryptocurrency

A popular Google Chrome extension has been discovered to utilize users’ processors to mine Monero, without users’ knowledge.

SafeBrowse, a popular Google Chrome extension, has recently been caught using the processors of its users’ devices to mine cryptocurrency without the knowledge or consent of the users themselves. To date, the extension has over 140 000 downloads.

The developers embedded a JavaScript library into the extension’s code. This enabled the software to secretly continue mining Monero. Users caught on to this covert operation when their computers started slowing down after installing the extension.

SafeBrowse is advertised as an extension created to help users bypass certain advertising content, especially the enforced advertisements in YouTube videos that require the user to watch for a mandatory amount of time before skipping. SafeBrowse enabled users to skip immediately. Other networks known for this are Adfly and Linkbuck; these often target malicious websites and have been known for their invasiveness.

Since its launch, SafeBrowse has enjoyed 14 000 downloads as well as a 4.4/5 star rating in the Google Chrome store. It also boasts over 2000 reviews singing its praises before its cryptocurrency mining was exposed.

Yet after users exposed SafeBrowse’s cryptocurrency agenda, many took to the Chrome Web Store to share their experiences. SafeBrowse’s ratings and reviews immediately plummeted. Many users noted that the extension was using up to 60% of their processor’s CPU resources.

The massive CPU resource drain is attributed to the inclusion of a JavaScript miner called Coinhive. Coinhive implements a cryptocurrency mining algorithm within a user’s browser, which is in turn used to mine Monero.

Monero is an open source cryptocurrency which was founded in 2014. Currently, one Monero is valued at $95.

Even though the cryptocurrency mining program utilizes the users’ resources, all profits go directly to the creators of SafeBrowse.

The Coinhive mining code featured in version 3.2.25 of SafeBrowse. Considering that Chrome has a policy of automatically updating all extensions, many users might still be at risk even if they didn’t manually install this version.

The miner has had an extensive impact on its thousands of users, which makes the extreme backlash that the creators are currently experiencing somewhat understandable. Many users who installed the extension took to Reddit to expose it and to caution other users against installing it. Currently, SafeBrowse is not available on the Google Chrome store.

SafeBrowse enjoyed a good reputation amongst users, but the latest cryptocurrency mining scandal might prove to change that.

This is not the first time that SafeBrowse has put its users at risk.

Researchers at Detectify Labs noted in 2015 that SafeBrowse was among numerous browser extensions that were used to track their users’ online activity without the users’ consent.

Implementing cryptocurrency mining software is also growing in popularity among software developers. Earlier this month, the popular torrent website The Pirate Bay was exposed for implementing similar mining code. Reportedly, this was only an experiment by the site’s owners, who were looking at alternative methods to generate funds and eradicate the need for advertisements.