Symantec: Chrome Extensions Cryptomining on Your Device

Symantec recently found two Google Chrome extensions that secretly mine for the Monero cryptocurrency. Both extensions were found on the official Google Chrome Web Store and secretly perform coin mining after they are installed.

Cryptojacking is the process where cyber criminals surreptitiously run coinminers on victims’ devices without their knowledge and use their Central Processing Unit (CPU) power to mine cryptocurrencies. This process makes the criminals money while using the victim’s computer and resources.

The primary effects of cryptojacking include: device slowdown; overheating batteries; increased energy consumption; devices becoming unusable; and reduction in productivity.

One of the extensions, called 2048, is a version of a popular math-based strategy game. The extension was published in August 2017, which suggests the publisher has made some profit by using the CPU cycles of its users to mine for cryptocurrency.

The other extension, Mp3 Songs Download, claims to be an MP3 downloader but just redirects the user to an MP3 download website when they click on the extension button. The MP3 download website secretly launches a coin-mining script in the background. The Mp3 Songs Download extension was published in June 2017 and has around 4,000 users.

Protection
• Symantec and Norton products detect the extensions as Miner.Jswebcoin.

Mitigation
• Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data.
• Pay close attention to CPU and memory usage on your computer or device. Abnormally high usage could be an indication of coin-mining.
• Check the app developer’s name, which can be found on the app’s store page. Do an internet search for the developer as there may be users who have had experience of their apps – good or bad.
• Check the app reviews. While fake reviews are common, they’re often short and generic. There may also be legitimate reviews from users who have figured out that the app isn’t what it appears to be.
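
The CPU-usage check above can be automated. The following is an added example, not code from Symantec: it flags browser processes whose CPU usage stays high across several consecutive samples, which separates a sustained load such as in-browser mining from a short burst. The sample layout (`PID %CPU COMMAND`), the 80% threshold, the three-sample window and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed samples: one snapshot per minute, each line "PID %CPU COMMAND".
SNAPSHOTS = [
    "4312 96.0 chrome\n4400 5.0 chrome\n900 99.0 ffmpeg",
    "4312 97.5 chrome\n4400 90.0 chrome\n900 99.0 ffmpeg",
    "4312 95.1 chrome\n4400 4.0 chrome\n900 98.0 ffmpeg",
    "4312 98.2 chrome\n4400 3.0 chrome\n900 99.0 ffmpeg",
]

def parse_snapshot(text):
    """Return {pid: (cpu_percent, command)}, skipping malformed lines."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        try:
            procs[int(parts[0])] = (float(parts[1]), parts[2].strip())
        except ValueError:
            continue  # header row or garbage
    return procs

def sustained_high_cpu(snapshots, threshold=80.0, min_run=3, names=("chrome",)):
    """Matching processes at or above threshold for min_run consecutive snapshots."""
    run = defaultdict(int)   # pid -> current count of consecutive high samples
    flagged = {}
    for text in snapshots:
        procs = parse_snapshot(text)
        for pid in list(run):
            if pid not in procs:
                del run[pid]  # process exited: its run is broken
        for pid, (cpu, cmd) in procs.items():
            if not any(n in cmd.lower() for n in names):
                continue      # only watch the browser processes named
            run[pid] = run[pid] + 1 if cpu >= threshold else 0
            if run[pid] >= min_run:
                flagged[pid] = cmd
    return flagged

if __name__ == "__main__":
    for pid, cmd in sustained_high_cpu(SNAPSHOTS).items():
        print(f"sustained high CPU: pid={pid} command={cmd}")
```

A flagged process ID can then be matched to a tab or extension in the browser's own task manager before deciding what to remove.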
