Popular Google Chrome Extension Caught Mining Cryptocurrency on Thousands of Computers

Fortune – A Google Chrome extension with more than 100,000 users has been quietly hijacking people’s computers to mine cryptocurrency.

Complaints first surfaced in early December that “Archive Poster,” a browser extension designed to help Tumblr users perform various tasks, had been contaminated with a program that mines the cryptocurrency Monero on unsuspecting users’ PCs. The software, which did not ask for people’s permission to operate, slowed down computers as it diverted computing power to mining, which involves solving math puzzles for cryptocurrency rewards.

The incident is the latest in a string of so-called cryptojacking attacks, in which hackers have hijacked PCs through compromised web servers and apps in order to mine cryptocurrency for themselves. Last year, the websites of Showtime, Politifact, and Pirate Bay at one time all unknowingly ran crypto mining software.

Cryptojacking has been gaining in popularity alongside a resurgence of interest in cryptocurrencies. Monero, a privacy-oriented coin that has found favor with the criminal underground, is a popular choice for these campaigns due to its unique mining operation, which is optimized for PCs rather than the specialized equipment required by Bitcoin miners.

If your browser is running Archive Poster, you can remove the extension by clicking the menu icon in the top right corner of your browser window (the button looks like a gray traffic light), selecting “More tools,” and “Extensions.” From there, you can manage extension permissions, enabling, disabling, or deleting them as you see fit.