Google recently announced its ban on cryptocurrency mining browser extensions from the Chrome store, adding to their “crypto blackout,” as they also announced in the middle of March their plans to ban cryptocurrency ads.
Google announced on Monday that effective immediately, the Chrome Store will halt acceptance of extensions that mine cryptocurrencies. At the end of June, it will start removing existing browser extensions that enable mining. However, non-mining blockchain extensions are still allowed.
According to Coindesk, Google had previously allowed Chrome mining extensions that were exclusively for mining cryptocurrencies. Unfortunately, that was not enough to prevent non-compliant extensions from participating in “cryptojacking.”
Cryptojacking has become more prevalent in recent months with the general rise of blockchain technology. The scheme itself is when adware, spyware, or an extension secretly uses a person’s laptop or mobile device to mine cryptocurrency. Wired has reported on this increasing cryptojacking issue, noting that “In theory, cryptojacking can be used for legitimate purposes, like raising revenue for a publishing platform or collecting funds for charitable causes.” However, the report highlighted that this technology has been illicit in practice, explaining that that “bad actors can use locally installed malware to steal a victim device’s computing power, embed miners directly into website to target casual web users without needing to install anything or hide miners in the most innocuous applets and tools.”
Google’s decision to enact a sweeping ban of cryptocurrency mining extensions was made because a majority of mining extensions submitted to the store failed their sole usage compliance. At least 90 percent of the mining extensions submitted by developers had reportedly failed Google’s compliance requirements. The Chrome Store extensions that slipped through the cracks received hundreds of thousands of downloads, with many of those users being unwittingly cryptojacked.
James Wagner, Google’s extensions platform product manager, told Wired:
The key to maintaining a healthy extensions ecosystem is to keep the platform open and flexible. This empowers our developers to build creative and innovative customizations for Chrome browser users…This is why we chose to defer banning extensions with cryptomining scripts until it became clear that the vast majority of mining extensions submitted for review failed to comply with our single purpose policy or were malicious.
Clandestine crypto mining malware has compromised systems in the past. In February, Coindesk reported Tesla’s cloud was hit by a cryptocurrency mining malware attack that siphoned off power from their cloud system. The UK was also hit by malware attacks on thousands of websites, including sites owned by the government.