For the first time, a Firefox add-on has been spotted that injects an in-browser miner. Detected by Bleeepingcomputer’s Lawrence Abrams, this extension is called Image Previewer. To infect the systems, the addon spreads via malicious websites that pretend to deliver a manual Firefox update.
When a user gets tricked into installing the update, the Image Previewer Addon is added to the browser. Once installed, the addon injects an iframe to a JS file that earns dollars via ad injection, link clickjacking, and popups.
The next step involves downloading the setup script for in-browser Monero miner. The xmr.main.min.js script contains the base64 encoded WebAssembly code that runs and mines Monero digital coins by exploiting 50% of CPU processing power.
To remove the extension, you can access the Firefox menu and delete the Image Previewer add-on. If you’re running Firefox and it’s consuming tons of memory, it’s advisable to perform a quick check. The users are also advised to only install extensions from official Mozilla Add-on repository.
Will cryptojacking turn out to be the biggest threat of 2018? Let us know your views and stay safe.
