Chrome Extension Delivers Coinhive to Unsuspecting Users
A security researcher recently discovered that the Archive Poster Chrome browser extension contained Coinhive, a cryptocurrency mining script designed to mine Monero cryptocurrency. Available from the official Chrome Web Store, Archive Poster is a tool designed to assist Tumbler users with reblogging and reposting from archived pages and it is reportedly used by more than 100,000 people. The extension has contained an in-browser cryptocurrency miner for at least the previous four versions, including 188.8.131.524 to 184.108.40.2068. The NJCCIC recommends users who installed Archive Poster uninstall the extension immediately and consider installing a reputable ad-blocking and/or script-blocking extension. We also recommend exercising caution when installing browser extensions and closely monitoring system CPU usage for spikes in activity after installation. If your system has already been impacted by this threat, block the offending website(s), close the web browser, and perform a system reboot to ensure that all associated mining operations have ceased.