Per its description, “Archive Poster” is a Google Chrome extension meant to allow Tumblr users to “reblog, queue, draft, and like posts directly from another blog’s archive.” What wasn’t mentioned was that starting in December, it also hijacked users’ computers to mine the cryptocurrency monero, a currency similar to bitcoin but much more anonymous (and therefore much more attractive to anyone who doesn’t want their transactions monitored).
As reported by Bleeping Computer, the extension included an update last month that introduced the Coinhive in-browser miner. This meant that the roughly 105,000 users of Archive Poster were mining for cryptocurrency as long as they were using Chrome — a practice known as “cryptojacking.” Coinhive was also used by torrenting site the Pirate Bay to mine for cryptocurrency from visitors.
The creator of the extension, Essence Labs, say they were hacked. “An old team member who was responsible for updating the extension had his Google account compromised,” Essence Labs wrote in an email to PC Mag. “Somehow the extension was hijacked to another Google account.”
Google was largely unresponsive when users noticed that Coinhive had been inserted into the extension’s source code. One user even posted to the Google Chrome Help Forum about the problem, confirming that the extension was cyrptojacking, only to be told to either “get in touch with the extension developer for further assistance” or “report the extension” via a web form.
While Archive Poster has been taken down from the Chrome Web Store, a new version called “[SAFE] Archive Poster” is now available. There’s no information on how this extension works, and it doesn’t appear to come from Essence Labs, so we’d definitely advise staying away. And if you are still using Archive Poster, uninstall it ASAP.