Kargai Posted December 29, 2017 #1 Posted December 29, 2017 Another day another sneaky story about someone taking profits of some user to win some coins. This time it's from a extension you can find in the Google Chrome Store. 105.000 people used the extension called "Archive Poster" which is basically a way to publish more easily some content to your Tumblr via reblog, queue, draft and likes that you can do directly on the archive page of any other Tumblr. For 3 to 4 weeks now they were using the CPU power of their user to mine some Monero via the coinhive script, without letting anyone knows about it of course. Imagine how much it can represent with 100k+ users who probably let Tumblr open for hours everyday. source : https://www.bleepingcomputer.com/news/security/chrome-extension-with-100-000-users-caught-pushing-cryptocurrency-miner/ There is 2 options here : or the developper of the add-on directly decide to take advantage of his users, or the extension was hacked by someone else. In all cases, those times ... it's the wild wild west out there
skillex Posted December 29, 2017 #2 Posted December 29, 2017 26 minutes ago, Kargai said: Another day another sneaky story about someone take profits of some user to win some coins. This time it's from a extension you can find in the Google Chrome Store. 105.000 people used the extension called "Archive Poster" which is basically a way to publish more easily some content to your Tumblr via reblog, queue, draft and likes that you can do directly on the archive page of any other Tumblr. For 3 to 4 weeks now they were using the CPU power of their user to mine some Monero via the coinhive script, without letting anyone knows about it of course. Imagine how much it can represent with 100k+ users who probably let Tumblr open for hours everyday. source : https://www.bleepingcomputer.com/news/security/chrome-extension-with-100-000-users-caught-pushing-cryptocurrency-miner/ There is 2 options here : or the developper of the add-on directly decide to take advantage of his users, or the extension was hacked by someone else. In all cases, those times ... it's the wild wild west out there Woah! what a mafia happening in the world today! Is it really now the time that we cant trust anyone anymore?, maybe its a sign already of the end times as what stated in the Bible. Imagine we are putting our whole trust to google by just signing in all what we have since google is really broad, by signing to google chrome browser we rely or trust fully ourselves to chrome by giving the access to our emails, googledrive,google accounts and youtube accounts. So if theres a possibility that the chrome dev have a mafia going on with this issue how is our security now? what will be going to happen? Where will be the Google's "Control, protect, and secure your account, all in one place" phrase be? Hoping im just wrong in concluding, maybe the dev of chrome's browser and add-ons or extension are not related.
Kargai Posted December 29, 2017 Author #3 Posted December 29, 2017 Add-ons are made by individuals or companies not related to Google. However every extenions/add-ons or themes who hit the Chrome extension catalog is supposed to be audited by Google. Don't quote me on this i can be totally wrong but i don't believe they will let anyone adding what they want in their catalog. I already knew some Firefox or Chrome add-ons were scammy but it was from personnal webiste outside their ecosystem, not directly from them like in this case.
skillex Posted December 29, 2017 #4 Posted December 29, 2017 10 minutes ago, Kargai said: Add-ons are made by individuals or companies not related to Google. However every extenions/add-ons or themes who hit the Chrome extension catalog is supposed to be audited by Google. Don't quote me on this i can be totally wrong but i don't believe they will let anyone adding what they want in their catalog. I already knew some Firefox or Chrome add-ons were scammy but it was from personnal webiste outside their ecosystem, not directly from them like in this case. hehe sorry fo quoting i dont know how to unquote you anymore anyway thanks for clarifying more about this matter kargai hoping really this issue happening is outsides google's knowledge and consent.
lupandina Posted December 30, 2017 #5 Posted December 30, 2017 So many sites are mining and without users permissions... I installed some miners blocking add-on, and it catches and blocks at least 2-3 sites everyday...
Featured Comment
Archived
This topic is now archived and is closed to further replies.