It’s been about six months since cryptojacking exploded, and in that short time the approach has evolved and adapted to initiate illicit cryptocurrency mining in all different ways. Now, Google’s taking a stand, announcing Monday that it would begin blocking any Chrome extension submitted to the Web Store that mines cryptocurrency. In July, it will remove existing extensions that currently contain mining functionality.
In theory, cryptojacking can be used for legitimate purposes, like raising revenue for a publishing platform or collecting funds for charitable causes. But in practice, the technology has largely been implemented maliciously, or at least secretly, consuming processing resources on victim devices and potentially interfering with and damaging these targets. Bad actors can use locally installed malware to steal a victim device’s computing power, embed miners directly into websites to target casual web users without needing to install anything, or hide miners in the most innocuous applets and tools. Cryptojacking has even found its way into critical infrastructure systems.
Mainstream malware scanners and ad-blockers have blacklisted mining scripts for months now, blocking them as quickly as they can in as many forms as possible. Google developers who work on Chrome have been worried about the problem and considering ways to address it since the fall. But Google had until now allowed mining extensions in the Chrome Web Store as long as they were expressly and solely for mining, and thoroughly informed users about their function. Nonetheless, about 90 percent of the mining extensions developers submitted weren’t in compliance, and were either blocked or slipped through and then needed to be removed later.
The inevitable lapses in this policing strategy allowed extensions with hundreds of thousands of downloads to end up cryptojacking users without their knowledge.
“The key to maintaining a healthy extensions ecosystem is to keep the platform open and flexible. This empowers our developers to build creative and innovative customizations for Chrome browser users,” says James Wagner, Google’s extensions platform product manager. “This is why we chose to defer banning extensions with cryptomining scripts until it became clear that the vast majority of mining extensions submitted for review failed to comply with our single purpose policy or were malicious.”
The ban likely won’t eliminate the problem on its own, since attackers have been increasingly developing ways to conceal an extension’s mining functionality until after it gets Chrome Web Store approval. But the step makes Google’s requirements much more clear, and seems to be a commitment that the company will scrutinize extensions more closely for possible mining components. Wagner says that extensions with other types of blockchain functionality will still be permitted.