It's been about six months since cryptojacking exploded, and in that short time the approach has evolved and adapted to initiate illicit cryptocurrency mining in all sorts of ways. Now Google is taking a stand, announcing Monday that it would begin blocking any Chrome extension submitted to the Web Store that mines cryptocurrency. In July, it will remove existing extensions that currently contain mining functionality.
In theory, cryptojacking can be used for legitimate purposes, like raising revenue for a publishing platform or collecting funds for charitable causes. But in practice, the technology has largely been implemented maliciously, or at least secretly, consuming processing resources on victim devices and potentially interfering with and damaging these targets. Bad actors can use locally installed malware to steal a victim device's computing power, embed miners directly into websites to target casual web users without needing to install anything, or hide miners in the most innocuous applets and tools. Cryptojacking has even found its way into critical infrastructure systems.
Mainstream malware scanners and ad-blockers have blacklisted mining scripts for months now, blocking them as quickly as they can in as many forms as possible. Google developers who work on Chrome have been worried about the problem and considering ways to address it since the fall. But Google had until now allowed mining extensions in the Chrome Web Store as long as they were expressly and solely for mining, and thoroughly informed users about their function. Yet about 90 percent of the mining extensions developers submitted weren't in compliance, and were either blocked or slipped through before being removed later.
The inevitable lapses in this policing strategy allowed extensions with hundreds of thousands of downloads to end up cryptojacking users without