Posted on

Be Warned: The Latest MEGA Chrome Extension Will Steal Your Monero

Angry people are going on a rage on Twitter and Reddit, and that’s because the latest MEGA Chrome extension has been found to do something bad to its users. Apparently, the extension has been compromised by hackers and it can now be used for criminal activities.

Besides stealing other users’ sensitive personal information like logins to sites like Amazon, Google, Amazon, and Microsoft, the extension can also steal users’ cryptocurrencies especially Monero (XMR). According to posts noted on Reddit and Twitter, the extension version 3.39.4 is no good for anyone serious about keeping their Monero (XMR) coins safe.

From Security To Nightmare

Interestingly, the extension tool is supposed to improve user experience by facilitating secure cloud storage and boosting page loading speeds. On the contrary, that’s no longer the case as the extension seems to have been taken over by people with ulterior motives. On Twitter, Monero’s (XMR) account posted a message warning its users against using the particular Chrome extension.

According to a Reddit user who alerted Monero’s Reddit presence about the vulnerability, the Redditor became suspicious of the extension after Chrome asked them to grant new permissions after an apparent update to the said extension, something that this smart user found very weird and off. Curious to dig deeper, the user checked the extension’s JavaScript code, and that’s when they found the malicious code that seemed to target GitHub and Google Webstore.

XMR Is Targeted

Monero (XMR) is famed to be one of the best cryptos in terms of fostering privacy, and its transactions are believed to be virtually untraceable. However, that hasn’t stopped hackers and other illegal operators from targeting it. With a market capitalization totaling upwards of $2 billion, Monero holds position 10 as one of the largest cryptos in the world.

There have been several incidents where hackers stole the computational power of website surfers to mine the cryptocurrency. Back in June, John McAfee reported that he had unearthed 2.9 million versions of malware used to mine XMR via web browsers. In September 2017, reports emerged that Russian hackers had managed to install malware on over 9,000 computers in the course of 2 years. The malware was used to mine Zcash (ZEC) and Monero (XMR). The XMR coins mined alone were valued at $209,000.

Believed to be as a result of the outrage about the extension’s insecurity, the MEGA Chrome extension version 3.39.4 seems to have been pulled off Chrome’s download page and it’s no longer available for download.

The post Be Warned: The Latest MEGA Chrome Extension Will Steal Your Monero appeared first on Ethereum World News.

Posted on

Monero (XMR) Coinhive Miner Rakes In Over $120,000 A Month

Many individuals fall under the false impression that crypto mining operations are solely operated by large corporations with data centers that can be likened to a mansion. However, this is far from the case, as there are methods of mining that can be used to garner cryptocurrencies, like Monero, through any old computer system.

Image from Marco Verch

One such method is through Coinhive, which is a Javascript-based miner that is often situated on sites across the web. For those who are unaware, Coinhive, which was released in 2017, is a Monero-focused mining script that is specifically targeted at websites looking to make money without running advertisements. Although there has been a dramatic decrease in the prices of cryptocurrencies, Monero included, the script is still used en-masse today.

According to a report from Germany’s RWTH Aachen University, which was relayed by The Next Web, Coinhive-based miners make up a hefty 1.18% of the total hashing power of the Monero blockchain. While 1% may not sound like anything extraordinary, it is surprising considering that the crypto mining industry is backed by billions of dollars. Moreover, Monero miners account for 75% of all browser-based crypto mining operations.

Upon further discussion, academics noted that after an in-depth analysis of the Monero network that Coinhive could generate upwards of 300 XMR each week. This translates to approximately $29,000 a week, $120,000 a month, and $1.4 million each year at August 17th prices (1 XMR = $96). The report elaborated, noting:

“If we sum up the block rewards of the actually mined blocks over the observation period of [four] weeks, we find that Coinhive [sic] earned 1,271 XMR.”

While website owners utilizing the script have been raking in XMR, the developers behind CoinHive also integrated a function where they get 30% of all mined cryptocurrencies. As such, it is speculated that the developers behind the project have garnered hundreds of thousands of dollars in XMR since its release.

Hackers And Coinhive’s ‘Short Link’ Feature

Despite Coinhive’s developers originally creating the script with good intent, it quickly became a method for hackers acting in malintent to buff their own cryptocurrency wallets. These hackers often secretly integrate Coinhive code onto websites to infect thousands of computers, forcing the devices of unsuspecting victims to mine for a hacker’s personal gain. This is an attack vector of choice because setting up an XMR Coinhive miner is relatively easy and transactions are kept confidential on the Monero blockchain.

According to the aforementioned report, CoinHive can operate using a so-called ‘short link’ system, where a user is required to unknowingly or knowingly submit a varied amount of hashes to the Monero network to reach a specific website.

Upon analysis of the nearly two million active short links, academics found that a majority of these short links are directed to shady sites, indicating how widespread the cryptojacking dilemma may have become. Additionally, the majority of the XMR garnered through the aforementioned two million short links are reportedly directed to 10 individuals.

To stop your computer from being cryptojacked, either through short links, malicious download or infected websites, security researcher Troy Mursch recommends the minerBlock browser extension, that utilizes a Javascript detector to stave off all cryptojacking attempts.