By Tomáš Foltýn
The tech giant is taking the measure after a
rise in malicious browser extensions that mine digital money by hijacking the
processing power of users’ computers. The clampdown follows Google’s recent
move to stop serving any and all adverts promoting virtual currencies and
initial coin offerings.
Google will no longer allow cryptocurrency
mining extensions in its Chrome Web Store, regardless of whether or not they
are upfront about what they do, according to an announcement on the technology giant’s Chromium blog on
Monday. As a result, no new mining extensions are accepted into the store in a
measure effective as of Monday April 2nd, while
existing ones will be removed in late June.
Google’s extensions platform product manager
James Wagner wrote that the store had previously permitted cryptocurrency
mining extensions with the proviso that this was their sole purpose and the
user was kept up to speed about what such an extension did.
However, Google has found that around nine
out of ten extensions that include mining scripts failed to play by the book,
prompting the company to introduce the blanket ban.
“Over the past few months, there has been a
rise in malicious extensions that appear to provide useful functionality on the
surface, while embedding hidden cryptocurrency mining scripts that run in the
background without the user’s consent,” according to Google.
For example, in December, Google booted a Chrome extension that, in addition to its stated
purpose, had also roped unsuspecting users into mining digital coins. The
extension had amassed more than 105,000 installations over the span of several
weeks.
Meanwhile, extensions with blockchain-related purposes other than mining get off
scot-free in the new policy.
The latest clampdown follows a measure in March whereby Google introduced a ban, also as
of June, on all adverts that promote digital currencies. This mirrored a policy
change that Facebook adopted in January. Twitter followed suit in late March.
Cryptojacking, or the hijacking of the computer processors
of unsuspecting users to generate virtual currencies, has exploded in
popularity in recent months. Scripts mining virtual currencies have become
notorious for chewing up much of a computer’s processing resources, thus
affecting system performance and driving up energy bills for the usually
unsuspecting users.
While malicious cryptocurrency mining is not a new phenomenon, covert campaigns picked up extra
steam with the launch of the Coinhive in-browser mining service in September.
Coinhive’s JavaScript has been co-opted by scammers looking to make a quick
buck. The explosion in illicit coin mining roughly coincided with the dramatic
rise in the prices of digital currencies.
Coinhive’s script and numerous copycats have
been detected on thousands of websites, including many legitimate but compromised
websites, as well as in browser extensions and plugins, and on typo-squatted
domains.
Surreptitious mining scripts have also been supplied alongside malware, in malvertising campaigns, and
through hijacked cloud services. Miscreants have also smuggled the scripts into
at least 19 apps in Google Play Store.