Named Archive Poster, this extension has more than 100,000 users. For the past few weeks, the extension has been deploying an in-browser cryptocurrency miner without showing the users any form of notification or asking for their permission.
Archive Poster is a mod for Tumblr that allows users to reblog or like posts from other blog’s archive. Just like other instances in the past, including Pirate Bay and SafeBrowse, Archive Poster was also found making efforts to mine Monero cryptocurrency.
Are you one of the 105,062 users? pic.twitter.com/quhHxZFgyf
— Bad Packets Report (@bad_packets) December 29, 2017
As reported by Bleeping Computer, the extension started using the Coinhive miner in its source around the start of December. The users also gave the extension bad reviews but Google didn’t take any prompt action.
Here’s the latest update:
However, as per the latest update, Archive Poster is nowhere to be seen on Chrome Web Store and its link is returning a 404 Error. So, it’s possible that Google has finally noticed the treacherous act and took action.
“An old team member who was responsible for updating the extension had his Google account compromised,” Essence Labs, the developers of extension, said in an email to PCMag. “Somehow the extension was hijacked to another Google account.” They have also released a new version of the extension named “[Safe] Archive Poster.”
In case you’re running the rouge extension, you can delete it from the list of extensions in your web browser. Also, we advise you to choose browser extensions carefully and report any suspicious activities to the developers and Google. You can also use different methods to block cryptojacking and stop non-consensual usage of your CPU power.