Chrome plugin installs miner and uses victim's Gmail to register domains

12/19/2021 Celestine Spencer No Comments

Chrome plugin installs miner and uses victim’s Gmail to register domains

The malicious Ldi extension has now been removed from the Chrome Web Store.

As the Chrome browser grows in popularity, the number of malicious extensions for it is also growing. Attackers use “clones” of popular plugins to deliver ads, malicious extensions to spoof search queries, or embed a Coinhive cryptocurrency miner in the browser.

IS expert Lawrence Abrams discovered the Ldi plugin, which takes malicious extension activity to the next level. Ldi not only installs the Coinhive miner in the browser, but also uses the victim’s Gmail account to register free domains using the Freenom service.

The extension was distributed via sites with JavaScript notifications urging the user to install the plugin. When the user tried to close the notification, the Ldi page in the Chrome Web Store was automatically opened. The product description was uninformative. “Don’t know if your homepage is compatible with your Mac? Find out with Ldi,” the description of the plugin read. The malicious extension has now been removed from the Chrome Web Store.

The Pirate Bay and Showtime websites were among the first to be caught using Coinhive. A total of 220 sites are secretly mining cryptocurrencies.

Post Tagsdesgin develop Popular usability ux

+13605796589

Apple, Mozilla, Google, and Microsoft standardize extensions

Installing Safari Extensions on your Mac

Recent Post

Building a Thriving Developer Сommunity: Strategies for Engaging Users and

Firebase Сrashlytiсs: Analyzing and Resolving App Сrashes in Real-Time

Google Play Сonsole Updates: What Developers Need to Know

Categories

Opening Hours

Spanish startups to keep an eye

Building a Thriving Developer Сommunity: Strategies

Firebase Сrashlytiсs: Analyzing and Resolving App