The peak of cryptocurrencies also brings problems in the form of malware. The hidden miners are quite present on the different platforms. This can very negatively affect the good functioning of the equipment. They consume resources and make the component suffer a great amount of wear and tear. This is why miner blockers have also emerged. In this article we speak of a false extention for blocking miners which play videos in the background.
False MinerBlock Extention
The security investigator Bryan Campbell has discovered a malicious Chrome extention which is made to pass as a legitimate Minerblock extention. The legitimate MinerBlock extention is used for blocking pages that use cyptocurrency mining on the browser. For its part, the recently discovered false extention makes it so Chrome plays videos in the background repeatedly without the users knowing.
The pages with this Chrome extention have some differences. In the imposter is contained text in russian. Also we can see that the developer is different. In the case of the legitimate extention it is CryptoMineDev, while the imposter is egopastor2016.
In terms of appearance, the two are similar. They have the same option interface, for example. Mind you, the icon and the version are different.
In the functionality is where things change. While the MinerBlock original is designed for blocking access to known miner sites, the malicious version is used for playing videos constantly in the background.
It is not known for certain why the extention plays videos constantly in the background, but it could be to make fraudulent clicks or to artificially augment the visits.
When it starts, the malicious extention connects to the site egopastor.biz and retrievs a set of “tasks”. These tasks will determine which options the extention will use and the URL to which it must connect.
The extention begins at connection to the specified URL, which at this point makes the videos play from varios Russian sites. When one plays the video, it will make the CPU use shoot to 100% and later will fall again to 0 when the video has stopped playing.
Basically it doesn’t act very different to that which a cryptocurrencies miner does on the web. It also consumes resources of our equipment. Something that without doubt can notably affect the components.
For those that may have this version installed, you can (and should) remove it easily by right clicking on its icon and selecting delete.
Because each time it is more common that the malicious extentions become legitimately known, it is important that all of the users have caution upon installing the extentions. Before installing anything, one must make sure to read the reviews carefuly and that the extention that we are installing is correct.
We must always download applications from official pages. This way we assure that the we are truly installing something legitimate.
As we always say, security is a key aspect to our equipment. We must have it updated. This way we will be able to confront possible recent threats that put good functionality at risk.