Author Topic: Chrome cryptominer extension(s)  (Read 1925 times)

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Chrome cryptominer extension(s)
« on: December 29, 2017, 10:15:21 AM »
If any of you Chrome users have installed the "Archive Poster" extension, you might want to remove it as that extension is hiding a Monero miner.

For those of you who just went, "Huh?  WTF is that?"  It is a cryptominer which silently runs when Chrome is open mining the cryptocurrency Monero.  Meaning, it is taking CPU cycles from your computer so the creator of the extension can make money in the cryptocurrency market.

There are a lot of these types of things going on today, and it is getting worse.

Oh, and by the way, Google knows about this and is not doing anything about it, so far.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Vulcan

  • Plutonium Member
  • *******
  • Posts: 9917
Re: Chrome cryptominer extension(s)
« Reply #1 on: December 29, 2017, 02:50:54 PM »
There are also websites now hosting miners that will mine while you visit them (Web Miners), as well as a lot of malware hitting the streets. Instead of ransoming you for money or screwing up your PC they suck CPU power to generate Bitcoin:

 #   Name   Enable
1   AndroidOS.Coinminer.JS (Trojan)      
2   BitCoinMiner.BX (Trojan)      
3   BitCoinMiner.CA (Trojan)      
4   BitCoinMiner.CSPO_2 (Trojan)      
5   BitCoinMiner.DNPO_2 (Trojan)      
6   BitCoinMiner.DNPO_4 (Trojan)      
7   BitcoinMiner.G_8 (Trojan)      
8   BitCoinMiner.IA (Trojan)      
9   BitCoinMiner.IY (Trojan)      
10   BitCoinMiner.UPOT_3 (Trojan)      
11   BitCoinMiner_3 (Trojan)      
12   CoinMiner.A_17 (Trojan)      
13   CoinMiner.ABE (Trojan)      
14   CoinMiner.ANT (Trojan)      
15   CoinMiner.ANT_2 (Trojan)      
16   CoinMiner.AVK (Trojan)      
17   CoinMiner.CT_2 (Trojan)      
18   CoinMiner.D_3 (Trojan)      
19   CoinMiner.ET (Trojan)      
20   CoinMiner.F_2 (Trojan)      
21   CoinMiner.YY (Trojan)      
22   SvcMiner.A_4 (Trojan)

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Re: Chrome cryptominer extension(s)
« Reply #2 on: December 29, 2017, 03:03:23 PM »
It's just nuts today.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline AAIK

  • Nickel Member
  • ***
  • Posts: 664
Re: Chrome cryptominer extension(s)
« Reply #3 on: December 29, 2017, 03:43:09 PM »
What is crazier is that the actualy bitcoin clients themselves are trojans. My avast was able to detect it (bitcoin-core), but I think it might of taken a while before it was added to the database.

Offline quig

  • Nickel Member
  • ***
  • Posts: 467
Re: Chrome cryptominer extension(s)
« Reply #4 on: December 29, 2017, 06:19:48 PM »
Chrome users

A couple years ago I wrote some malware that exploited Chrome's use of APPDATA to circumvent the UAC prompt while (FORCED) updating. It took all of an hour in a simple scripting language. There's no use in warning people that use that browser how insecure it is, it will fall on deaf ears even if you provide source code.
« Last Edit: December 29, 2017, 06:22:23 PM by quig »

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9719
Re: Chrome cryptominer extension(s)
« Reply #5 on: December 30, 2017, 03:23:36 AM »
Hmmm... By default “Continue running background apps when Google Chrome is closed” is enabled in the Advanced Settings. I can't tell if the miner apps are included, but better safe than sorry.

I would rather let my computer be used for mining than advertising for financing the websites I visit. However, if that were the case it should be done in an honest and open way and letting me control it. So instead the "please click the ads for support" there would be an announcement saying "10% of your computer resources are being used for mining during your visit on this site". Unfortunately that would only work in an ideal world.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Re: Chrome cryptominer extension(s)
« Reply #6 on: December 30, 2017, 06:17:24 AM »
A couple years ago I wrote some malware that exploited Chrome's use of APPDATA to circumvent the UAC prompt while (FORCED) updating. It took all of an hour in a simple scripting language. There's no use in warning people that use that browser how insecure it is, it will fall on deaf ears even if you provide source code.

For some reason, people think because Google created it, it must be secure.  However, one only needs to look at the Android OS to realize Google is very good at creating software which is NOT secure.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Bizman

  • Plutonium Member
  • *******
  • Posts: 9719
Re: Chrome cryptominer extension(s)
« Reply #7 on: December 30, 2017, 07:42:21 AM »
--- is very good at creating software which is NOT secure.

That holds true throughout the entire history of personal computing. In the early days of PC's it was somewhat understandable because the development was done by eager hobbyists. Similarly the early viruses served as a proof of skills, leading to a well paid job in the computer business. Not funny that the coders at Google are as naive as their fathers.

Offline ghi

  • Gold Member
  • *****
  • Posts: 2669
Re: Chrome cryptominer extension(s)
« Reply #8 on: December 30, 2017, 09:08:34 AM »
How can i find if i have this program installed? i don't see it at programs or apps on my phone ?
I believe out of all , the btc is quietly tolerated , accepted and introduced; the IMF has been asking for a crypto since '90s and Satoshi Nakamoto is a fictional character .This crypto currencies speculation madness crashes  the systems of values.  Bitcoin reached 20,000$ last weeks, the average annual income in North America / EU is about 2 bitcoins :bhead,i'm sure the temptation is huge to mine it with any means possible, probably Google gets a % ,or is their work;  they are tools of globalist mafia from privacy to financials.
« Last Edit: December 30, 2017, 09:26:58 AM by ghi »

Offline quig

  • Nickel Member
  • ***
  • Posts: 467
Re: Chrome cryptominer extension(s)
« Reply #9 on: December 30, 2017, 10:11:31 AM »
For some reason, people think because Google created it, it must be secure.  However, one only needs to look at the Android OS to realize Google is very good at creating software which is NOT secure.

Yup.

And more and more devices are coming out with locked boot loaders so you can't root them and install customs roms and apps to patch them up and people seem to be just fine and dandy with that.

I have 2 Android devices but there is nothing private or important on either. I could lose them both and only be out the cost of the devices. And Apple isn't any better since they have a publicized back door into everything that they can use for who knows what.

People just don't seem to care anymore.

Offline Maverick

  • Plutonium Member
  • *******
  • Posts: 13958
Re: Chrome cryptominer extension(s)
« Reply #10 on: December 30, 2017, 10:47:34 AM »
Is that a PC related issue or is it also on tablets? My phone and tablet are the only things running chrome.
DEFINITION OF A VETERAN
A Veteran - whether active duty, retired, national guard or reserve - is someone who, at one point in their life, wrote a check made payable to "The United States of America", for an amount of "up to and including my life."
Author Unknown

Offline pembquist

  • Silver Member
  • ****
  • Posts: 1928
Re: Chrome cryptominer extension(s)
« Reply #11 on: December 30, 2017, 11:42:51 AM »
Well the users care but we basically don't know what to do about it! The people whose JOB it is to care don't seem to care and there aren't any consequences for not caring, look at bloody Equifax. I regret not following up on an idea I had when I was 14 back in the seventies, I thought "now is the time to lay in 4 or 5 identities" It seems like that is the only way you could be secure is to have an identity you could walk away from, even then the metadata would probably get you.
Pies not kicks.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Re: Chrome cryptominer extension(s)
« Reply #12 on: December 30, 2017, 12:04:54 PM »
Is that a PC related issue or is it also on tablets? My phone and tablet are the only things running chrome.

It is browser related.  Really does not matter what the platform is.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline quig

  • Nickel Member
  • ***
  • Posts: 467
Re: Chrome cryptominer extension(s)
« Reply #13 on: December 30, 2017, 09:44:07 PM »
Well the users care but we basically don't know what to do about it! The people whose JOB it is to care don't seem to care and there aren't any consequences for not caring, look at bloody Equifax. I regret not following up on an idea I had when I was 14 back in the seventies, I thought "now is the time to lay in 4 or 5 identities" It seems like that is the only way you could be secure is to have an identity you could walk away from, even then the metadata would probably get you.

No, YOU care. The majority of people buying devices these days DO NOT care. They are of the mindset that since they aren't doing anything illegal that they have nothing to hide. It's the same people that post what they had for breakfast or the quality of their last bowel movement on Facebook or Twitter.

There is an entire generation completely and utterly lost on security and they know it... they just don't care.

And that's the problem. Even when you know of an unsafe platform, the old vote-with-your-dollar doesn't get very far when you are outnumbered 100 to 1. 10 years ago this kind of crap would have never have flown (look at Winamp malware [Jan 30, 2006] way back and compare it to the Chrome exploit I mentioned above - one was patched, the other not [at least as far as I know since I haven't installed Chrome recently]). Now it is just normal.

Offline ghi

  • Gold Member
  • *****
  • Posts: 2669
Re: Chrome cryptominer extension(s)
« Reply #14 on: December 30, 2017, 09:58:31 PM »
  It's the same people that post what they had for breakfast or the quality of their last bowel movement on Facebook or Twitter.

 :rofl :rofl

good stuff, thx!