web analytics

Plugins Secretly Mining Cryptocurrency on Your Machine

by | Jan 3, 2018 | Privacy & Tech

Cryptojacking has surged in popularity over the last several months. It works by installing a JavaScript component in a website that then surreptitiously utilizes your computer’s processing power to mine cryptocurrency. Since nearly every webpage you visit maintains JavaScript, in-browser cryptojacking is a trend that has gotten out of control.

In recent days, Google has been flooded with cryptojacking complaints. After it was discovered that the Archive Poster extension deployed in-browser cryptocurrency mining without the user’s knowledge, Google finally pulled it. However, by the time Google removed it, Archive Poster had more than 105,000 users.

The extension was initially described as a Chrome plugin that serves as a Tumblr mod: “reblog, queue, draft, and like posts right from another blog’s archive.” Who would have guessed that such a benign plugin was a clandestine cryptocurrency miner?

Plugins Secretly Mining Cryptocurrency

The next time you download a browser extension, you may need to be extra vigilant: it may be a front for mining some obscure cryptocurrency, or the coding may have been corrupted.

Troy Mursch, a U.S.-based security researcher, was one of the first to come across the threat. He alerted the media about the Coinhive cryptojacking code hidden inside of a JavaScript file. He further learned that it had been inserted in at least four previous updates of Archive Poster.

Evidently, the extension refused to request permission from users to run the code. This led to perpetual mining of Monero, a privacy coin, so long as the browser remained open.

This was soon followed by a plethora of users notifying Google in the review section of the Chrome Web Store. Reportedly, there is a “SAFE” variant of the extension floating on the Web store, but experts are unsure of its reliability.

Cryptojacking Has Many Forms

When someone mines cryptocurrencies, it requires an immense amount of computer power because the device needs to solve complex mathematical calculations. This is common for all types of cryptocurrencies, like Bitcoin, Litecoin, Ripple, or Ether.

In this instance, a user has no other alternative but to uninstall the extension or shut down the website that is hijacking the processing power.

But cryptojacking has had many forms over the years – 2014 was the year of innovation!

In a 2014 congressional report, the U.S. National Science Foundation (NSF) revealed that a researcher used supercomputers at two universities for Bitcoin mining. The researcher was subsequently prohibited from using the supercomputer. The IT staff at Iowa State University had learned that five department servers had been hacked to mine Bitcoin. A 43-year-old Dutch man was arrested in March 2013 for stealing electricity to power 21 computers that were mining Bitcoin. Johannes Ullrich, an instructor at the SANS Technology Institute, found malware infected in security cameras to mine Bitcoin.

Considering how valuable cryptocurrencies have become over the last 12 months, it is likely that unscrupulous individuals will continue to generate clever measures to mine Bitcoin, Dogecoin, and Monero.

What is Monero Anyway?

Monero, or XMR, is an open-source cryptocurrency that was established in April 2014. It concentrates on decentralization, privacy, and scalability. Monero, which has a market cap of $5.8 billion, is valued at just under $400 per coin – it started off 2017 worth only a few pennies.

As its price jumps, all sorts of people are looking to get in on the action, including criminals and governments, especially since Bitcoin is no longer anonymous.

The Independent is reporting that criminals are circumventing law enforcement agencies by engaging with Monero, a cryptocurrency designed to avoid surveillance and tracking. The experts contend that Monero is becoming the tool for ransomware attacks and money laundering. Just last month, hackers attacked around 200,000 WordPress websites to demand they generate Monero.

Meanwhile, Bloomberg claims that the North Korean government is hacking computers to mine Monero to help finance its expenditures. As one example, a Pyongyang special unit allegedly hacked into a South Korean firm’s server to mine 70 Moneros, equal to about $25,000. With sanctions crippling the isolated nation, Kim Jong-un needs to find any revenue stream, and Monero may be the answer.

For cryptocurrency aficionados, Bitcoin may be so 2017; a little bit passé, if you will. If you’re ever cryptojacked, and a delinquent demands some Monero, at least you now know what it is!

Have you ever been cryptojacked? Give us a call on our LIVE Author chat line to ask us a question or tell us what you think!


Read More From Andrew Moran

Latest Posts

Testing the Biggest Joe Biden 2024 Rumor

With the general election less than five months away, and as most of the nation considers the consequential...

Surgeon General’s Warning for Social Media

Is social media adding to mental health issues among the young? Surgeon General Vivek H. Murthy seems to think...