Chrome Extension with 105,000 Users Hacked to Secretly Mine Cryptocurrency

A popular Chrome extension with over 105,000 users has been hijacked to run Coinhive, an in-browser cryptocurrency miner that covertly uses the victim’s CPU to mine Monero.

The extension, called Archive Poster, enables Tumblr users to reblog content from other websites. In early December, users started noticing the spike in CPU usage before flooding the extension’s Chrome store page with negative reviews.

“Do not use this extension as it comes loaded with a cryptocurrency mining script,” one user wrote. “Once installed it makes requests to coinhive which eats up your CPU time and slows your computer down massively. Avoid.”

The developer behind the extension confirmed the embedded cryptominer before claiming the extension was hacked. “An old team member who was responsible for updating the extension had his Google account compromised,” Essence Labs said in an email to PCMag. “Somehow the extension was hijacked to another Google account.”

Hijacked versions of the extension now load a JavaScript file that triggers the cryptocurrency mining software. While the developer did not reveal how or when the hijack took place, while one reporter claimed it could have been a disgruntled employee who added the miner to the extension.

The developer further added it was working with Google to ‘regain access’ to its extension. “”In the meantime we have alerted the users to use a safe version of the extension on a different link,” the company added.

A number of websites have been found running cryptomining software and scripts in recent months. The likes of Showtime, Starbucks, Politifact, UFC and the Pirate Bay have all been running mining software withohut the users’ consent, either intentionally or due to hackers’ exploits.

Image credit: Pixabay