Tag Archives: Cryptocurrency Mining

Google Bans Cryptocurrency Mining Browser Extensions

Google recently announced a ban on cryptocurrency mining browser extensions in the Chrome store, adding to its “crypto blackout”; in the middle of March, it also announced plans to ban cryptocurrency ads.

Google announced on Monday that effective immediately, the Chrome Store will halt acceptance of extensions that mine cryptocurrencies. At the end of June, it will start removing existing browser extensions that enable mining. However, non-mining blockchain extensions are still allowed.

According to Coindesk, Google had previously allowed Chrome extensions that were exclusively for mining cryptocurrencies. Unfortunately, that was not enough to prevent non-compliant extensions from participating in “cryptojacking.”

Cryptojacking has become more prevalent in recent months with the general rise of blockchain technology. In a cryptojacking scheme, adware, spyware, or an extension secretly uses a person’s laptop or mobile device to mine cryptocurrency. Wired has reported on this increasing cryptojacking issue, noting that “In theory, cryptojacking can be used for legitimate purposes, like raising revenue for a publishing platform or collecting funds for charitable causes.” However, the report highlighted that this technology has been illicit in practice, explaining that “bad actors can use locally installed malware to steal a victim device’s computing power, embed miners directly into website to target casual web users without needing to install anything or hide miners in the most innocuous applets and tools.”

Google’s decision to enact a sweeping ban of cryptocurrency mining extensions was made because a majority of mining extensions submitted to the store failed to comply with its single purpose policy. At least 90 percent of the mining extensions submitted by developers had reportedly failed Google’s compliance requirements. The Chrome Store extensions that slipped through the cracks received hundreds of thousands of downloads, with many of those users being unwittingly cryptojacked.

James Wagner, Google’s extensions platform product manager, told Wired:

The key to maintaining a healthy extensions ecosystem is to keep the platform open and flexible. This empowers our developers to build creative and innovative customizations for Chrome browser users…This is why we chose to defer banning extensions with cryptomining scripts until it became clear that the vast majority of mining extensions submitted for review failed to comply with our single purpose policy or were malicious.

Clandestine crypto mining malware has compromised systems in the past. In February, Coindesk reported Tesla’s cloud was hit by a cryptocurrency mining malware attack that siphoned off power from their cloud system. The UK was also hit by malware attacks on thousands of websites, including sites owned by the government.

Report: Egyptian Citizens Exploited in Covert Cryptocurrency Mining

According to a new report from researchers at the University of Toronto, entities linked to the Egyptian government may have been hijacking “Egyptian internet users’ unencrypted web connections en masse” to secretly mine cryptocurrency.

According to the detailed report from the University of Toronto Citizen Lab, researchers identified techniques being used to hijack Egyptian citizens’ computers and mobile devices. Egyptian internet users were reportedly being covertly redirected to malware that used their computers to mine Monero cryptocurrency. The Citizen Lab describes itself as an “interdisciplinary laboratory” focused on “research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.”

— Through Internet scanning, we found deep packet inspection (DPI) middleboxes on Türk Telekom’s network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications.

— We found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.

— After an extensive investigation, we matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. We developed a fingerprint for the injection we found in Turkey, Syria, and Egypt and matched our fingerprint to a second-hand PacketLogic device that we procured and measured in a lab setting.

— The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns.

The researchers called the scheme AdHose, which has two modes: spray mode and trickle mode. According to the report:

The Egyptian scheme, which we call AdHose, has two modes. In spray mode, AdHose redirects Egyptian users en masse to ads for short periods of time. In trickle mode, AdHose targets some JavaScript resources and defunct websites for ad injection. AdHose is likely an effort to covertly raise money.

Quartz Media reported that the hardware used to implement AdHose serves as a censorship tool as well as a means of revenue generation. The report stated that the malware blocked certain news outlets such as Al Jazeera, Reporters Without Borders and Human Rights Watch, and redirected users attempting to access certain websites, such as the former pornographic website Babylon-X.com and the Coptic Orthodox Church’s religious website for the pope (CopticPope.org).

Quartz Media explained that with “spray” mode, “any website that affected users tried to visit would redirect their browsers to either an ad network or cryptocurrency mining malware called Coinhive. One scan in January found 95% of devices observed, numbering over 5,700, were affected by AdHose.”

University researchers conducted tests that identified AdHose middleboxes in a Telecom Egypt “demarcation point,” which may provide evidence of a connection to the Egyptian government, as Telecom Egypt is state-owned.

The maker of the hardware is a Canadian company called Sandvine; the Citizen Lab researchers noted that Sandvine called their report “false, misleading, and wrong.” Sandvine also issued a statement to CoinDesk:

Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading….We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.

The researchers reached out to Sandvine and its owner Francisco Partners for comment on the discovery. They received a response stating:

A key part of the Sandvine’s innovation process is to ensure that we do not lose sight of the ethical impact of our technology on human rights, freedom of speech, and privacy. Sandvine has taken the approach on regulating access to the components of our solutions that could be used to infringe on any of these. The usage of our regulatory compliance solutions is controlled by an EULA and software licenses that are required for any components that could conceivably be used to violate human rights, freedom of speech, and privacy.

However, the report stated that Sandvine cited confidentiality issues in refraining from commenting on business dealings in Egypt or Turkey. Business dealings with these countries would appear to contradict Sandvine’s Business Ethics Committee review process, in which it has used the World Bank Index to review sales with partners, and the “strong safeguards” that Sandvine asserts it maintains “regarding social responsibility, human rights, and privacy rights.”

“We emphasized that we were confident in our research findings, which two independent peer reviews confirmed,” the researchers at Citizen Lab maintained.