Be Informed And Earn: This Firefox Extension Injects Crypto-Miner In Your Browser/PC

Sunday, February 4, 2018

This Firefox Extension Injects Crypto-Miner In Your Browser/PC

The other day I noticed that my computer has been performing strange, the CPU fan makes a louder noise than usual and the battery doesn't last up to 1 hour anymore. I backtracked my actions, pulled up my Windows task manager and inspected my computer, then I founded out that my PC has been infected with a cryptocurrency miner.
This Firefox Extension Injects Crypto-Miner In Your Browser/PC
 It was indeed a shocker!!! then I began to wonder how on earth I caught this nasty piece of worm (codes) into my PC, then I did some research about the problem and landed on Lawrence Abrams Bleeping computer's page. 

That was when I recalled that I had earlier installed a browser extension called image previewer to my PC and that was how I obliviously caught the crypto miner whose job is to over task my PC and makes a significant amount of dollars for the owner of the miner.

This is indeed the first time a Firefox extension has been reported to have a serious ulterior motive besides the purpose of making. This extension is called Image Previewer and from an honest point of view, what else can you use an image previewer to do besides viewing pictures on your browser/PC?

But secretly, what this extension does is to infect your systems while the addon spreads via malicious websites that pretend to deliver a manual Firefox update while you will be seeing a constant login screen on your browser.

When a user gets obliviously installing the update, the Image Previewer Addon is added to the browser. Once installed, the addon injects an iframe to a JS file that earns dollars via ad injection, link clickjacking, and popups and sends thousands of dollars to the hackers bitcoin address, which by the way is untraceable.

The next step that the malware executes is to download the setup script for in-browser Monero miner. The xmr.main.min.js script contains the base64 encoded WebAssembly code that runs and mines Monero digital coins by exploiting 50% of CPU processing power!!!.
This Firefox Extension Injects Crypto-Miner In Your Browser/PC

However, I managed to remove the extension via the traditional way of removing an extension, by going to the Firefox menu and deleted the Image Previewer add-on. But I wasn't entirely convinced that the threat's been eliminated so I did a full clean Windows 10 installation.

My advice is this:  If you’re running Firefox and it’s consuming tons of memory, it’s advisable to perform a quick check. Users are also advised to only install extensions from official Mozilla Add-on repository.

Also Read:   Breach Alerts in Firefox Quantum Will Warn If You Visit An Unsafe/Hacked  Website

If You Enjoyed this Post, Kindly take 5 Seconds and Share it With Your Friends on

No comments:

Post a Comment

***We ❤ to hear from you, Tell us Your views and opinion. Please note that comments are always moderated, Abusive comments won't be approved, and spammy comments are deleted automatically