Google has removed the Chrome extension that was caught mining cryptocurrency, Scroll.in reported.
Archive Poster, a widely used extension which allowed Tumblr users to "reblog, queue, draft, and like posts right from another blog's archive" was said to be hijacking the CPUs of over 1,05,000 users to secretly mine Monero (XMR/USD) cryptocurrency.
In several reviews since the beginning of December, users had complained that the extension was indulging in “cryptojacking.” The extension kept mining the cryptocurrency until the browser was open and did not prompt any permission from the users.
After the extension was taken down, another extension ‘[SAFE] Archive Poster’ has emerged. Offered by ‘Archive Poster’, the extension does not provide any screenshot of how it works, which raises serious concerns about the reliability of the extension.
According to the report by BleepingComputer, security researcher Troy Mursch was the first to identify that the Coinhive cryptojacking code could be found in a JavaScript file present from the following URL: https://c7e935.netlify[.]com/b.js.
The report also claimed that this hidden cryptojacker had been present on at least four previous updates of the Archive Poster extension - from 4.4.3.994 to 4.4.3.998.