Multiple Google extensions have been accused of conducting secret mining. Who should protect the computer security of netizens?

Earlier this month, video torrent search engine The Pirate Bay was accused of using visitors’ CPUs to mine Monero in an effort to monetize the site’s traffic. The site used Coinhive, a JavaScript code that helped the site’s management team divert visitors’ resources to mine the anonymous cryptocurrency.

Since The Pirate Bay was exposed for using this type of code, many other websites have also taken this opportunity to privately use their CPU to mine this cryptocurrency without asking for users' consent. Recently, a Google Chrome extension called "Short URL (goo.gl)" was also accused of using this JavaScript code. The incident was exposed by Node.js software engineer Alessandro Polidori.

Polidori was initially alerted by cybersecurity tools, so he decided to dig deeper into the extension and discovered that it was downloading and running a file from Coinhive called cryptonight.wasm, which then began to quietly mine cryptocurrencies.

The developer of the add-on did not mention that it included cryptocurrency mining functionality, so Polidori re-downloaded the browser to be safe, making sure his computer settings had not been changed. However, he found that whenever he opened Google Chrome, his CPU usage would reach 95% again. He said:

To rule out the possibility that the settings had been changed, I installed the extension in a new Google Chrome browser. Unfortunately, I saw the same results, so it can be said that the extension itself contains such a design.

When Polidori discovered the secret mining function of the extension, it had been downloaded 15,000 times, and Polidori immediately notified Google to remove the program. Using visitors' CPU power to mine Monero is not malicious in itself, but the problem is that they did not ask users for their consent in advance. In some forums, users have made it clear that they are happy to donate their CPU power (probably not as much as 95%) to remove ads from websites.

The explosion of web mining

Last month, another Google extension, SafeBrowse, was also removed for also embedding cryptocurrency mining code. Hackers have successfully infiltrated several websites (including CBS Showtime) and installed Coinhive code to generate revenue.

In response to the criticism, Coinhive (although the use of this code is generally legal) has begun developing a new Monero mining function, AuthedMine, which asks for user consent before starting mining, rather than mining privately. Due to the popularity of the organization's mining code, many competitors have emerged on the market, one of which is Crypto-Loot, which promotes that the user will not notice the operation of this mining code, that is, without asking for user consent in advance.

Last month, Kaspersky Lab revealed that at least 1.65 million computers were infected with mining malware and forced into a large botnet. Security software manufacturers have taken notice, and anti-malware and anti-spyware software such as Malwarebytes and ad blockers, as well as various antivirus software, have begun blocking Monero mining code.