Story image

Google to ban cryptocurrency mining extensions from Chrome

09 Apr 18

Google’s Chrome Web Store has now banned extensions that facilitate cryptocurrency mining, because script developers haven’t been following the rules.

According to the Chromium blog, during the last few months there has been an increase in malicious Chrome extensions that offer some useful functionality, but they also run cryptomining operations in the background without the user’s consent.

The cryptomining operations affect a system’s CPU usage, system resources, performance, and it can also lead to hire power consumption.

Now Google has moved to reject or remove most cryptomining scripts on the Web Store, and will not accept any more cryptomining extensions.

“Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose, and the user is adequately informed about the mining behaviour,” explains Chromium Extensions Platform product manager, James Wagner.

"Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store,” he continues.

The ban doesn’t include blockchain extensions that do not engage in cryptomining.

“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalogue of extensions that help users get the most out of Chrome.”

“Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”

Google recently announced it would ban most advertisements relating to  cryptocurrencies and other speculative investments, starting in June.

The restrictions affect advertising for cryptocurrencies, contracts for difference, binary options, financial spread betting, and rolling spot forex.

Those that offer genuine services in those fields must ensure that both their website landing pages and advertisements are in line with relevant legal requirements and Google AdWords policies.

MailChimp, Twitter, and Facebook have all clamped down on cryptocurrency  advertising over the past few months as scams, fraud, and deception run rife.

According to statistics from Check Point, one cybercriminal earned more than $3 million from mining the Monero cryptocurrency.  

Globally, 55% of organisations were targeted by cryptomining attacks in December 2017, Check Point research also found.

Last week Korea-based cryptocurrency exchange Coinnest was dealt a blow as its CEO Kim Ik-hwan was arrested for charges including fraud and embezzlement.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.