Matsuda Posted September 19, 2017 Share Posted September 19, 2017 Google's automatic verification system for Chrome extension uploads to the official Chrome Web Store is a wreck; less than a day after the Steam Inventory Helper incident, another Chrome extension was found to abuse user trust by using user systems for crypto currency mining. The free browser extension SafeBrowse on the other hand runs a crypto mining module in the background while it is enabled in the browser and while the browser is open on the system. SafeBrowse's main purpose is to skip forced intermediary advertising pages from services such as adf.ly or Linkbucks. The most recent update of the browser extension includes a crypto miner that runs in the browser automatically. It uses the computer's processing power -- CPU -- to mine cryptocurrency. Chrome users who have installed the browser extension may have noticed that CPU usage is going up whenever Chrome is open. Those with proper firewall protection may have noticed that connections are made to the domain coin-hive.com. A quick look at the source code of the Chrome extension SafeBrowse confirms that connections are made to the site. The rise of in-browser crypto mining seems inevitable. One of the longest standing torrent indexing sites, The Pirate Bay, was found to run a crypto miner on its website as well this month. Now it is the first Google Chrome extension that mines crypto currency while the extension is installed, and it seems likely that it won't be the only one that will make use of such an option. While there is nothing wrong with crypto mining in the browser, other than that it is highly ineffective as it relies solely on the processor, it becomes a huge issue if the mining is not user initiated but enforced automatically either on visit or when an extension is installed. The first anti-mining browser extension was released recently. No Coin is designed to block known mining domains, but it may not work properly if the mining comes from an extension and not from a website. Anyway, if you have installed SafeBrowse for Chrome, it is probably a good idea to uninstall the browser extension at this point in time. Google needs to change its stance on the store's verification process for new extensions and extension updates. Mozilla, a much smaller organization, does this a lot better as it has a manual review policy in place for all new and updated Firefox extensions.View: Original Article Link to comment Share on other sites More sharing options...
straycat19 Posted September 20, 2017 Share Posted September 20, 2017 Here is a list of the IPs they use for their miners. You can block them in your firewall. www.coin-hive.com 94.130.128.243 ws002.coin-hive.com 144.76.112.165 ws003.coin-hive.com 144.76.114.98 ws004.coin-hive.com 88.99.6.234 ws005.coin-hive.com 88.99.5.35 ws006.coin-hive.com 136.243.89.87 ws007.coin-hive.com 136.243.89.75 ws008.coin-hive.com 136.243.91.46 ws009.coin-hive.com 136.243.89.209 Link to comment Share on other sites More sharing options...
steven36 Posted September 20, 2017 Share Posted September 20, 2017 SafeBrowse has done been pulled from the Google's store after someone complain too Google about it. https://www.reddit.com/r/chrome/comments/711xf1/safebrowse_extensions_contains_a_crypto_miner/ Malwarebytes flags it as malware. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.