sb-au logo
Story image

Google to ban cryptocurrency mining extensions from Chrome

09 Apr 2018

Google’s Chrome Web Store has now banned extensions that facilitate cryptocurrency mining, because script developers haven’t been following the rules.

According to the Chromium blog, during the last few months there has been an increase in malicious Chrome extensions that offer some useful functionality, but they also run cryptomining operations in the background without the user’s consent.

The cryptomining operations affect a system’s CPU usage, system resources, performance, and it can also lead to hire power consumption.

Now Google has moved to reject or remove most cryptomining scripts on the Web Store, and will not accept any more cryptomining extensions.

“Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose, and the user is adequately informed about the mining behaviour,” explains Chromium Extensions Platform product manager, James Wagner.

"Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store,” he continues.

The ban doesn’t include blockchain extensions that do not engage in cryptomining.

“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalogue of extensions that help users get the most out of Chrome.”

“Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”

Google recently announced it would ban most advertisements relating to  cryptocurrencies and other speculative investments, starting in June.

The restrictions affect advertising for cryptocurrencies, contracts for difference, binary options, financial spread betting, and rolling spot forex.

Those that offer genuine services in those fields must ensure that both their website landing pages and advertisements are in line with relevant legal requirements and Google AdWords policies.

MailChimp, Twitter, and Facebook have all clamped down on cryptocurrency  advertising over the past few months as scams, fraud, and deception run rife.

According to statistics from Check Point, one cybercriminal earned more than $3 million from mining the Monero cryptocurrency.  

Globally, 55% of organisations were targeted by cryptomining attacks in December 2017, Check Point research also found.

Last week Korea-based cryptocurrency exchange Coinnest was dealt a blow as its CEO Kim Ik-hwan was arrested for charges including fraud and embezzlement.

Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More
Story image
Plugging the gaps: Australian organisations are leaving their defence barriers wide open
Cybercriminals are are walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there.More
Story image
APAC organisations struggle to find balance between digital adoption and cybersecurity
Organisations in the Asia Pacific (APAC) region are significantly concerned about security threats, but nevertheless are looking to advance operations through digital adoption.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More