Welcome to Digitalcutlet

SafeBrowse Chrome Extension Allegedly Hacked to Covertly Mine Cryptocurrency on Users’ PCs


Users of the SafeBrowse extension for Chrome started noticing heavy CPU usage and PC slowdowns after updating to version 3.2.25. The extension claims to protect users by disabling ads that cover the entire screen and bypassing interstitial ads used by URL redirectors such as Adfly and Linkbucks. However, the latest update seems to include a feature that would qualify as malware on its own.

Security tracking site Bleepingcomputer discovered a JavaScript app embedded in the update that acts as a miner for the Monero cryptocurrency, harnessing the CPU power of PCs running the extension but earning money only for SafeBrowse’s authors. Bleepingcomputer has published screenshots of the Windows Task Manger showing a spike in CPU usage at the time the extension was installed, as well as Chrome’s own task manager showing 61.6 percent CPU usage caused by the SafeBrowse extension’s thread. The PC used for the test immediately began behaving sluggishly, and applications started failing to respond. The site has also collected user reviews left in the Chrome Web Store complaining that the extension has made people’s computers run slowly.

The extension is effectively acting as malware, turning PCs into zombies that are part of a giant worldwide botnet. While there might not be any malicious intent, users are unwittingly suffering while someone else makes money.

SafeBrowse now appears to have been taken down from the Chrome Web Store, as searches now lead to a 404 error page but Google still caches the original page, which shows that the extension had over 140,000 users as of September 19. The SafeBrowse team has responded to the controversy claiming that it has not released any updates for several months and this must be the work of a third-party hacker. Version 3.2.1 is the last updated listed on the official website. If true, this opens up the possibility of other Chrome extensions being used as vectors to infect millions of PCs worldwide despite Google’s best efforts.

Users who have SafeBrowse installed can get rid of it by going to the Extensions page which is found under More Tools in the Chrome menu, or by right-clicking its icon next to the address bar and selecting Remove from Chrome.

Just a few days ago, The Pirate Bay was found to have done almost exactly the same thing, running a JavaScript currency miner on some pages. The site’s operators claimed that it was an experiment with the intention of seeing whether ad revenue could be replaced.