What Is Cryptojacking? Google Bans All Chrome Cryptocurrency Mining Extensions

Alphabet’s Google has announced a ban on Chrome extensions used to hijack a victim’s computer and create cryptocurrency.

In a blog post on Monday, the U.S. technology giant said extensions—small pieces of downloadable software that provide new functions on a user’s computer—will no longer be allowed to host crypto-mining code. An audit found that roughly 90 percent of such extensions on the platform were ignoring Google policies.

The process, known as cryptojacking, covertly runs illicit computer code—often without the consent of the victim. It consumes high levels of CPU power and can severely impact system performance. Cybersecurity experts have said the most popular “mined” cryptocurrencies include Bitcoin and Monero.

“Starting today, Chrome Web Store will no longer accept extensions that mine cryptocurrency,” the post read. “Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store.”

Until this week, the Chrome team allowed mining code if the end user was properly informed about the software’s purpose. But James Wagner, Google’s extensions platform product manager, said on Monday that there had been a recent spike in “malicious extensions” hidden in Chrome downloads.

He wrote: “The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform.”

In a March 2018 security advisory, U.S. antivirus company Symantec warned about a fresh increase in cryptojacking cases. It came after a strain of software known as CoinHive was blamed for a slew of new infections around the world. Overall, the firm found that detections for coinminers surged by 8,500 percent in 2017.

“Cybercriminals started trying to make money this way primarily because there was a huge rise in the value of cryptocurrencies in the last quarter of 2017, making this type of cybercrime extremely profitable,” Symantec said. “Victims may not even realize a coinminer is slurping their computer’s power.”

The same month, Google announced a crackdown regarding cryptocurrency-focused advertising on its platform. “Improving the ads experience across the web, whether that's removing harmful ads or intrusive ads, will continue to be a top priority for us,” said ad director Scott Spencer. The move followed similar action by Facebook.