Another fraudulent Chrome extension hijacks the computer to get cryptocoins

The more popular Google browser becomes, the more it becomes the target of quite undesirable practices, and unfortunately the much-loved extensions of its ecosystem, are the vector to harm users.

There is a fairly high percentage of Chrome extensions that do more than they say they do. And now we have to worry about cases like SafeBrowse, an extension installed by more than 140,000 users that was being used to mine cryptocoins, taking advantage of the CPU of their victims’ computers.

The SafeBrowse case, which fortunately has already been removed from the Chrome Web Store after being reported by multiple users as malware, seems to be the first of an extension doing this, but the method used is one that seems to be getting trendy.

SafeBrowse uses Coinhive, the same as a cryptocoins miner in JavaScript that has been using The Pirate Bay without informing users. The purpose: to mine Monero.

An extension can become adware without your knowledge, they may be collecting your data to sell to the highest bidder, as in the famous case of Web of trust; they can inject malware or completely hijack the browser, they can steal your cryptocoins or use them to mine them.

Installing extensions is basically as dangerous as downloading things indiscriminately without verifying their origin. The worst thing is that you can be downloading a malicious extension directly from the official Google store and not from a suspicious download page. This adds an extra bit of difficulty to the user who relies fully on what is dropped from something with Google’s seal of approval.

What can you do?

Please limit yourself to installing extensions of trusted brands, or that have been recommended to you by trusted sources. Before installing something, maybe a Google search on their practices does not hurt. The people of SafeBrowse, for example, already had a bad reputation for also having used the extension to spy users and sell their data.