Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Chrome Extension Hacked to Secretly Mine Cryptocurrency

The Archive Poster Chrome extension has, for weeks now, been secretly mining the cryptocurrency Monero via users' computers.

By Michael Kan
December 29, 2017
The Rise of Cryptocurrency Hacks

Cryptocurrency mining software has been secretly invading PCs through a Chrome browser extension.

For the past few weeks, Archive Poster has been mining a virtual currency called Monero over the Chrome browser without warning computer owners.

SecurityWatch Archive Poster users have been complaining and giving the Chrome extension bad reviews since early December. Although the mining occurs in the background, it can still hog a computer's resources. As a result, antivirus software is starting to flag the covert activity as a form of malware or adware.

On Friday, Archive Poster developer Essence Labs confirmed the mining was taking place, but blamed it on a hack.

Archive Poster Reviews

"An old team member who was responsible for updating the extension had his Google account compromised," Essence Labs said in an email to PCMag. "Somehow the extension was hijacked to another Google account."

Archive Poster has more than 105,000 users; it's designed to work with Tumblr as a way to reblog archived pages. Tainted versions of the Chrome extension will also load a JavaScript file that'll run cryptocurrency mining software via a users' browser.

At this point, it's not clear who was behind the hack. However, the mining software involved comes from a service called Coinhive, said Troy Mursch, an independent security researcher who examined the Chrome extension's code.

For months now, Coinhive has been offering a Monero miner that anyone can embed into a website. The problem is that hackers have been using the miner too; they've been hijacking websites and other Chrome extensions to install it, with the hope of making serious bank. As of Friday, the price of a single Monero has reached $380, up from a mere $14 a year ago.

Coinhive says it's trying to stop the abuse, but the hacks have continued.

Google did not immediately respond to a request for comment. Essence Labs said it has been working with Google to regain access to the product. "In the meantime we have alerted the users to use a safe version of the extension on a different link," the company said in an email.

Deleting the extension from your Chrome browser can also stop the mining. To do that, access the browser's three-dot menu icon, click the "More tools" option, and select "Extensions."

How Your Password Was Stolen
PCMag Logo How Your Password Was Stolen

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan