Is Google Chrome your web browser of choice? Are you in the habit of adding Chrome extensions? If so, this week’s announcement by Google will be of interest to you. The Chrome Web Store has banned Chrome extensions designed to mine for crypto-currencies and plans to remove all such extensions already in the store by June, 2018. These extensions will advertise a useful function but will come with hidden cryptocurrency mining capability running in the background.
Due to the increase in the number of Chrome extensions that maliciously mine for virtual coins, without the user’s knowledge, Google has chosen to help protect user safety. This in-browser “cryptojacking” uses scripts designed to mine digital currency. These scripts can use a significant portion of your computer’s CPU power, which could greatly reduce performance and increase power consumption. Many websites also use these mining scripts, with the same impact on your computer.
Extensions are intended to enhance the Chrome experience for users by providing additional capabilities and an extensive catalog of such extensions is currently available to users. Google was allowing developers to provide extensions designed for cryptocurrency mining, so long as users were made aware of this behaviour, however, the platform has been abused by malicious software developers.
On another note, a new cryptocurrency mining threat has been discovered, called “HiddenMiner”. This attacks Android devices, using their computing power to mine for Monero Cryptocurrency. This malware appears as a legitimate looking Google Play update application, using the Google Play icon. The user is asked to activate the application as a device administrator, with pop-up windows continuously displaying until the requested permission is granted. Once installed, HiddenMiner hides itself from the user and begins mining in the background.
HiddenMiner continuously mines for Monero Cryptocurrency until all of your Android device’s resources are depleted. This can cause the device to overheat and even fail. You may also find your device screen locked and your administration permissions revoked.
The only good new for us is that this threat has only been known to affect users in India and China so far. To be on the safe side we recommend that you:
- Only download apps from official marketplaces,
- Update your device’s operating system on a regular basis and
- Be careful and attentive about the permissions you grant to applications.
BSC Solutions Group offers a variety of Cyber Security Services for businesses. If you are interested in learning more, give us a call.