Google will now block extensions on the Chrome Web Store that mine cryptocurrency.
In the blog post announcing the decision, James Wagner, extensions platform product manager at Google, said that the company identified a rise in malicious extensions that were hurting the user experience, heating up devices and consuming processing power by running resource-intensive cryptocurrency mining scripts.
The announcement follows the decision by Apple less than a month ago to remove Calendar 2 from its Apps Store for mining Monero by default, as reported by Ars Technica.
The problem is considerably widespread, according to a recent 13-page report from Sophos, which found apps containing CoinHive-based miners in Google’s app store at the start of 2018.
“The rise of CoinHive and CoinMiner comes after the recent discovery of Loapi, which masquerades as popular antivirus apps or an adult content app,” the report explains. “It downloads and installs several modules, each of which performs a different malicious action such as sending device information to a remote server, stealing SMS, fetching advertisements, crawling webpages, creating a proxy and mining Monero.”
By June, every extension with a mining function will be removed by Google as well, while extensions with blockchain-related purposes will be permitted to remain.
“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome,” wrote Wagner. “Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users.”
While Apple's guidelines have been clear from the start, with guideline 2.4.2 informing developers to apps should not rapidly drain the battery, generate excessive heat, or put unnecessary strain on device resources, Google's guidelines have permitted cryptocurrency mining in extensions as long as the users have offered consent and the extensions serve one purpose.
"Google made the right decision to remove these guys who violated the terms and conditions," said Stephen Tompkins, VP of media activation, APAC at Essence. "Additionally, as a company, we don't work with these bad actors and as new methods remain we adapt and stay ahead of them."