Google removes “Archive Poster” Chrome extension for secretly mining cryptocurrency

By Digit NewsDesk | Updated 2 Jan 2018
  • The extension hijacks a user’s CPU and mines Monero, without asking for any permissions, for as long as Chrome is running.

Google has taken down a popular Chrome extension called Archive Poster, which was quietly mining cryptocurrency from over 105,000 users. According to a report by BleepingComputer, the extension has been deploying an in-browser cryptocurrency miner which hijacks a user’s CPU and mines for Monero without asking for any permissions. As per its description, Archive Poster is an extension which allows Tumblr users to “reblog, queue, draft and like posts directly from another blog's archive.”

As per the report, the Archive Poster app would hijack a user’s CPU to mine cryptocurrency for the entire duration Chrome was active. Many user reviews of the extension revealed that it had incorporated the Coinhive in-browser miner in its source code, the same miner that “The Pirate Bay” used for cryptojacking its users. Cryptojacking is the process of secretly mining cryptocurrencies using other people’s computer resources without their knowledge.

Facebook’s Messenger was also recently attacked with a new cryptocurrency-mining bot called “Digimine” to mine Monero. The bot only affects Facebook Messenger's desktop or web browser version. As per a previous report, it sends a file which, if opened on other platforms, does not work as intended. It cryptojacks a user’s browser and also installs a registry autostart mechanism as well as a system infection marker. It launches Chrome on its own to install a malicious browser extension that it retrieves from a command-and-control (C&C) server.

Also, the malware relaunches Chrome if it’s already running to make sure that the extension is installed. Although Chrome extensions can only be installed via the browser’s Web Store, attackers bypassed this by launching Chrome via command line. 
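The command-line launch described above leaves a trace in process-creation logs. The following detection sketch is an added example, not code from the article or the report it cites. It assumes the launch uses Chrome's `--load-extension` developer switch (the article only says "via command line"), and the event field names and sample events are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumption: the extension is loaded with Chrome's --load-extension switch.
# Its value may be quoted and may hold several comma-separated directories.
LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

# Constructed process-creation events (hypothetical field names and paths).
SAMPLE_EVENTS = [
    # Normal launch by the user: no switch, not flagged.
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmdline": '"' + CHROME + '"'},
    # Chrome started by another program with an extension directory on disk.
    {"image": CHROME,
     "parent": r"C:\Users\alice\AppData\Roaming\example\updater.exe",
     "cmdline": '"' + CHROME + '" '
                r'--load-extension="C:\Users\alice\AppData\Roaming\example\ext"'},
    # Unquoted value, mixed case, two directories.
    {"image": CHROME, "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"chrome.exe --LOAD-EXTENSION=C:\dev\a,C:\dev\b"},
    # Same switch on a non-Chrome binary: ignored.
    {"image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"notepad.exe --load-extension=C:\x"},
]

def find_sideloaded_extensions(events):
    """Return one finding per Chrome launch that loads an extension from disk."""
    findings = []
    for ev in events:
        if basename(ev["image"]).lower() != "chrome.exe":
            continue
        paths = []
        for quoted, bare in LOAD_EXT.findall(ev["cmdline"]):
            paths += [p for p in (quoted or bare).split(",") if p]
        if paths:
            findings.append({"parent": basename(ev["parent"]),
                             "extension_paths": paths})
    return findings

if __name__ == "__main__":
    for finding in find_sideloaded_extensions(SAMPLE_EVENTS):
        print(finding)
```

Extension developers use the same switch legitimately, so the parent process and the extension directory in each finding are what an analyst would triage on.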
