Home News Chrome Extension Mines for Monero Cryptocurrency Without the User’s Approval

Chrome Extension Mines for Monero Cryptocurrency Without the User’s Approval


SafeBrowse is a popular Google Chrome extension that is supposed to let you browse without dealing with ads or annoying URL redirectors such as Linkbucks or Adfly. The extension had over 140.000 users but now people discovered that SafeBrowse used their computers to secretly mine for Monero, ruining the performance of your PC.

SafeBrowse has been in the public eye before

Back in November 2015, Detectify Labs took a look at various popular extensions for Chrome and they discovered some worrisome things. Those extensions, including SafeBrowse have been loading analytics code that allowed them to track the users across the web. This was done without the approval of the users.

Secret Monero miner

Now it appears that a recent SafeBrowse update came with something hidden, an additional code that used the users’ computers to mine for Monero cryptocurrency without asking for their consent. This drained the CPU and the computers became slower than before. Users soon noticed the bitcoin miner and the huge CPU usage and they reported them in the reviews.

The code of the extension had an embedded Coinhive JavaScript Miner. The miner worked only for Monero and users were unknowingly creating a profit for someone else.

Since Google Chrome extensions have auto-upgrade, any user that has SafeBrowse installed is a victim.

Google removed the extension and SafeBrowse came with an explanation

It appears that the extension has been removed so that no one can install it. The SafeBrowse team declared that hackers are to blame for the hidden code and they deny any involvement: “Unfortunately we have no knowledge, apparently has been a hack. I’m currently researching, I have already contacted the Google team. The extension has not received an update for months, so I do not know what it’s all about.”