Security News > 2018 > April > Google Bans Crypto-Mining Chrome Extensions
Google on Monday announced that Chrome extensions designed to mine for crypto-currencies are no longer accepted in the Chrome Web Store. While still focused on allowing the Chrome extensions ecosystem to evolve, Google also wants to keep users as safe as possible. Thus, a rise in the number of malicious Chrome extensions that mine for virtual coins without informing the users has sparked the Internet giant to ban all such extensions. The scripts designed for mining purposes often require significant CPU power to perform their activity, and could result in severely diminished system performance or in increased power consumption. Called in-browser cryptojacking, such mining behavior is employed by many websites as well, often with heavy impact on user experience. “Over the past few months, there has been a rise in malicious extensions that appear to provide useful functionality on the surface, while embedding hidden cryptocurrency mining scripts that run in the background without the user’s consent,” James Wagner, Extensions Platform Product Manager, says. Starting Monday, Google no longer accepts extensions that mine crypto-currency in the Chrome Web Store. Furthermore, the company plans on removing all such extensions from the store in late June. Extensions with blockchain-related purposes that do not attempt to mine for virtual coins will continue to be distributed through the Web Store. Previously, Google allowed developers to submit for publication extensions designed for crypto-currency mining as long as the application was built for mining only and users were explicitly informed on this behavior. However, the vast majority (90%) of the extensions containing mining scripts that were submitted for upload to the Chrome Web Store failed to comply with the company’s policies and ended up rejected or removed from the store. “The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users,” Wagner points out. Related: Ad Network Performs In-Browser Cryptojacking Related: Half Million Impacted by Four Malicious Chrome Extensions (function() { var po = document.createElement("script"); po.type = "text/javascript"; po.async = true; po.src = "https://apis.google.com/js/plusone.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(po, s); })(); Tweet Ionut Arghire is an international correspondent for SecurityWeek. Previous Columns by Ionut Arghire:New KevDroid Android Backdoor DiscoveredGoogle Bans Crypto-Mining Chrome Extensions New Monero-Mining Android Malware DiscoveredHacked Magento Sites Steal Card Data, Spread MalwareNew Bill in Georgia Could Criminalize Security Research sponsored links Tags: NEWS & INDUSTRY RSA NetWitness Suite Threat Insights
News URL
Related news
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes (source)