Engineer discovers hidden cryptocurrency miner in Google Chrome extension

“Borrowing” CPU horsepower from users to mine cryptocurrency has become common. It’s touted as a way to make money from websites without bothering viewers with ads, but many believe it borders on malware. And for good reason too.

The latest such case was reported by Node.js software engineer Alessandro Polidori. In a lengthy Medium post (picked up by The Register), Polidori shares his experience of coming across a Googe Chrome URL shortening extension carrying a hidden cryptocurrency miner.

The extension used CoinHive’s Monero mining tool which, according to the company’s marketing materials, lets you “monetize your business with your users’ CPU power.”

Polidori was alerted to suspicious activity by the Intrusion Detection System in his NethServer installation. Nethserver is an open-source, CentOS-based operating system for Linux enthusiasts.

“Doing an analysis of my machine I’ve found that the process involved in suspected IP connections is Google Chrome, and more specifically is the “Short URL (goo.gl)” extension, whose name is self-explanatory,” Polidori writes.

With 14,390 downloads at the time of Polidori’s writing, the unnamed developer behind the URL shortening extension may have amassed considerable crypto earnings. Two weeks after the engineer reported his findings, the Chrome extension was taken down.

Polidori considers cryptocurrency miners malware, because the mining is not made expressly clear to users.

Embedded cryptocurrency miners are technically not malware. Still, Bitdefender detects and reports cryptocurrency miners, giving users the chance to opt out if they wish.

We reported a similar case a while back involving torrent site The Pirate Bay, which was piloting a program to replace ads with cryptocurrency mining. The Pirate Bay chose CoinHive for its initiative too.

CoinHive, for its part, is extremely transparent about its service and even encourages subscribers to tell their user base that their CPUs are being used to mine Monero. Not all subscribers do that, however.

“Coinhive offers a JavaScript miner for the Monero Blockchain that you can embed in your website,” the company explains. “Your users run the miner directly in their Browser and mine XMR for you in turn for an ad-free experience, in-game currency or whatever incentives you can come up with.”

“The miner itself does not come with a UI – it’s your responsibility to tell your users what’s going on and to provide stats on mined hashes,” reads the CoinHive documentation. “While it’s possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.”

CoinHive pays out 70% of earnings to its users and retains 30% to keep the service alive. It says it has yet to turn a profit.

Leave a Reply

Your email address will not be published.