Malwares Designed for Cryptocurrency Mining Emerging as real Threats this year


Chances are that if you are a Google Chrome browser user, and have been using an extension called Archive Poster, you have unwittingly been helping somebody else mine cryptocurrencies! The extension which calls itself a tool for Tumblr users that “allows you to quickly reblog, queue, draft, and like posts right from another blog’s archive” hijacks the PC, and uses the processing power for mining. It is estimated that close to more than 100,000 users have been compromised.
The malware was using Coinhive, a distributed network cryptocurrency mining program, and was mining monero. The extension has since been removed from the Chrome web extensions and apps store. The extension mined the cryptocurrency as long as the browser was open, and executed itself without seeking the user’s permission.
The process, known as cryptojacking could only be stopped by the user by either uninstalling the extension, or by closing the website that was executing the process. According to Troy Mursch, a US based security researcher, the Coinhive cryptojacking code is hidden in a JavaScript file with the URL: https://c7e935.netlify[.]com/b.js
Mursch stated that “b.js summons whchsvlxch[.]site which invokes three websocket sessions (c.wasm) to start the #cryptojacking process,” and that the three session contained the Coinhive configuration options. It is reported that the cryptojacker was embedded in at least four previous version updates of the Archive Poster extension (from to
The company that developed the extension, Essence Labs has confirmed that the extension had code on cryptojacking, but it has also clarified that it was victim of a hacking incident – “An old team member who was responsible for updating the extension had his Google account compromised. Somehow the extension was hijacked to another Google account.”
The growing craze for Bitcoin and other cryptocurrencies has seen the rise of unethical practices with similar examples in the past including that of a mining bot called Digmine which spread through Facebook messenger in Chrome web browser, a Monero mining tool embedded the code for popular streaming service Showtime, and the Laopi malware which targeted Android phones and was discovered by the security firm Kaspersky. It is widely anticipated that such practices would not die down in the coming days.