Chrome, we have a problem. Or rather, several. The more popular the Google browser becomes, the more it becomes the target of rather undesirable practices, and unfortunately the beloved extensions of its ecosystem, are the vector to harm users.
There is a fairly high percentage of malicious extensions for Chrome that do more than what they say they do. And now we have to worry about cases like SafeBrowse, an extension installed by more than 140,000 users that was being used to mine cryptocurrencies taking advantage of the CPU of their victims’ computers.
The case of SafeBrowse, which fortunately has already been removed from the Chrome Web Store after being reported by multiple users as malware, seems to be the first of an extension doing this, but the method used is one that seems to be becoming fashionable.
SafeBrowse uses Coinhive, itself a cryptocurrency miner in JavaScript that has been using The Pirate Bay without informing users. The purpose: to mine Monero.
Stealing cryptocurrencies or hijacking CPUs to mine cryptocurrencies
Here is the dilemma. As it seems that everyone wants to get rich with the latest cryptocurrency, apparently hijacking users’ CPUs to undermine them has become a booming fad.
The evil of Ethereum is that it has become fashionable to steal it , but Monero’s seems to be one that affects those who do not have a portfolio of cryptocurrencies, do not know what they are, or believe that a bitcoin is the currency in Super Mario. This does not matter, because if you have a CPU, you have the potential to be exploited.
The practices range from creating malware and hijacking equipment, to injecting code into a website in the style of The Pirate Bay, to do so taking advantage of a user installing your extension.
The problem with installing extensions indiscriminately
We have lowered the guard much with the extensions that we installed in the navigator. Many times we have some in the browser that we do not even use, and those that we do use rarely pay more attention unless they do what interests you.
An extension can become adware without you knowing it , they can be collecting your data to sell to the highest bidder, as in the famous case of Web of trust ; they can inject malware or completely hijack the browser, they can steal your crypts or use them to undermine them.
Installing extensions is basically as dangerous as downloading things indiscriminately without verifying their origin . The worst part is that you can download a malicious extension directly from the official Google store and not from a suspicious download page. This adds an extra bit of difficulty to the user who fully trusts what gets downloaded from something with Google’s seal of approval.
What I can do?
Unfortunately not everything that shines in the Chrome Web Store is gold , so as a user you have to be more aware of several things, such as the permissions that an extension requests before being installed.
In many cases, for some extensions to work, they require high permissions, such as reading and modifying all the data of the websites you visit, without this meaning having evil purposes . But sometimes this is the case.
Begin to actively ask why an extension needs this or another permission is a good step forward. The next thing is to read the reviews, which are not usually as false as those of Amazon. If an extension has a very low rating, there is a warning point.
If in the reviews you see people complaining about something, take note. In the case of SafeBrowse you could already see user reviews reporting that the extension had a cryptocurrency miner. Take advantage of the experience of others, sometimes it is useful.
In some cases it is difficult to know if an extension is doing something wrong in the background, it is difficult as a user to know that your data is collected and selling, but other things are easy to detect.
If you use the Chrome task manager to know which extensions consume more resources you can easily detect extensions that are simply abusing.
In the case of something like SafeBrowse, mining cryptocurrencies is something that requires a huge juice of your CPU and will be noticed immediately. If an extension is consuming too high percentages, it is better to get rid of it, whether or not you know what you are doing, it deserves to disappear from your life.
Mostly just install extensions of trusted brands, or that have been recommended by trusted sources . Before installing something, maybe a Google search on your practices is not bad. The people of SafeBrowse already had a bad reputation for having also used the extension to spy users and sell their data.