Google will start removing Chrome extensions with cryptocurrency mining scripts
Despite new regulatory hurdles and a market downturn, the adoption of cryptocurrencies such as Bitcoin, Ethereum, and Litecoin shows no sign of slowing down. In fact, it has given rise to a cottage industry: cryptocurrency mining, or the process of validating transactions and obtaining cryptocurrency in return. Those transactions become more computationally intensive over time. These days, mining profitably requires powerful hardware. That’s encouraged some malicious actors to target computers through Chrome extensions, but Google’s putting a stop to the practice.
Starting today, the Chrome Web Store will no longer accept extensions that contain cryptocurrency mining scripts. Existing extensions will be removed in late June.
Until now, Google has permitted developers to submit cryptocurrency mining extensions to the Chrome Web Store that (1) are solely intended for mining and (2) don’t try to obfuscate their mining behavior. But according to the search giant, the vast majority of mining extensions—approximately 90%—failed to comply with its policies.
“Over the past few months, there has been a rise in malicious extensions that appear to provide useful functionality on the surface, while embedding hidden cryptocurrency mining scripts that run in the background without the user’s consent,” James Wagner, Extensions Platform Product Manager at Google, wrote in a blog post on the Chromium blog. “These mining scripts often consume significant CPU resources, and can severely impact system performance and power consumption.”
The ban on cryptocurrency mining extensions won’t impact extensions with other digital currency-related functionality, such as Bitcoin price checkers, cryptocurrency wallet managers, and blockchain browsers. That’s an important distinction. Apps like MetaMask, a popular extension that acts as a middleman between Chrome and Ethereum, will still be allowed.
“The [Chrome] extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome,” Mr. Wagner wrote. “This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”
Chrome isn’t the only Google platform that has been the target of malicious cryptocurrency miners. In November, Ars Technica uncovered a number of popular Android applications with mining scripts, two of which had been downloaded 50,000 times. In December, Sophos published a report on Loapi, a new form of cryptocurrency-mining malware that masquerades as pornography content and antivirus software on the Play Store. And in January, Trend Micro said that a cryptocurrency mining service called Coinhive was hijacking YouTube users’ computers to mine Monero, a digital currency.