Google looks to provide better protection against crypto malware

This past April, Google announced that it would prohibit all cryptocurrency mining extensions from the Chrome Store, as well as from the Google Play Store. The move was designed to prevent users from unwittingly installing programs that could mine cryptocurrencies and other types of malware. The ban was only partially effective, as some mining apps have still been found as recently as last month. Now, the tech giant is looking to make it even more difficult for the scammers and has introduced rules that are even more controlling.

Google announced on Monday in a blog post that it was implementing a number of changes to how Chrome handles extensions. The changes target those extensions that request an extensive amount of permissions and will require more oversight by the Google team. The company explained in the post, “It’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access.”

The latest version of Chrome, Chrome 70, will incorporate the new changes. The browser version is currently in beta tests and, when live, will allow users to prohibit certain types of access requested by an extension. They will also be able to require the extension to request permission each time it wants access to a particular page. Google added that the extensions that require “powerful permissions” will be further scrutinized by Google before being approved.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional … Our aim is to improve user transparency and control over when extensions are able to access site data,” stated Google.

The Chrome Store now also prohibits any extensions that contain obfuscated code. Any extensions currently offered through the platform have 90 days to have their code altered or they’ll be removed. Google said that 70% of “malicious and policy violating extensions” that it has blocked from the Chrome Store contain obfuscated code.

To enhance security and customer protection, Google is also going to implement 2-step verification for extension developers’ accounts. The company says this will reduce the risk of hackers being able to take over the accounts and add malicious code to the extensions.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Google looks to provide better protection against crypto malware appeared first on Coingeek.

Read More

25 apps hosting cryptojacking scripts found on Google Play Store

SophosLabs claims to have identified at least 25 Android apps published on the official Google Play Store containing scripts that facilitate cryptojacking activities on users’ computers.

In its report, the company noted that the apps in question have “been downloaded and installed more than 120,000 times.”

The report comes some two months after Google announced that it would no longer allow apps that mine cryptocurrency on devices. According to SophosLabs, the malicious malware were included in different applications—from educational to gaming and utility apps.

Out of the 25 apps, 22 were found to have an implementation of Coinhive’s code. The Coinhive script allows hackers to mine privacy-centric coin, Monero (XMR), without the knowledge of the device’s user. Meanwhile, Lighton and Mobeleader were discovered to have been hosting crypto mining scripts on their servers “presumably to thwart firewalls or parental controls/reputation services that might block Coinhive’s domain by default.”

Another app called A Paintbox for Kids was also found to have been running Xmrig, which was described as an open source CPU miner that can mine not just XMR but several other cryptocurrencies as well.

Source: SophosLabs

According to SophosLabs report, apps containing the cryptojacking malware include Trance Droid by Happy Appys; Palkar by Palpostr.com; LHDS Vendors published by Taste of Life Group; Mobeleader from Abser Technologies; Helper for Knight Game from Evgeny Solovyov; and Dizi Fragmanları İzle from Oguzhan Kivrak.

The report also identified apps Game Viet 2048 from Thanhtu Media, Afterlife: RPG Clicker CCG by Levius LLC, Dominoes Games from Fun Board Games, A Paintbox For Kids by Uwe, Tapbugs and Dreamspell apps by Riccotz, Info Guru Pendidikan by Cakrawala Pengetahuan, and Lighton by Buyguard.

Meanwhile, 11 apps from Gadgetium were also found to contain an HTML page with a Coinhive-based miner. The apps were “preparation apps for standardized tests given in the U.S., exams such as the ACT, GRE, or SAT,” according to SophosLabs.

Google has clamped down on cryptocurrency activities that it deemed were harmful to customers. Earlier this year, Google banned the advertisement of cryptocurrencies and their related products. During this period, other platforms like Facebook and Twitter also banned cryptocurrency advertisements on their platforms. In April, some of Google’s platform like the Chrome Web Store banned cryptocurrency mining extensions.

Recently, it was reported that Google is planning to soften its stance on cryptocurrency. Google announced that it was going to update its crypto ads policy, as part of its bid to work more closely with regulated institutions in the United States and Japan.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post 25 apps hosting cryptojacking scripts found on Google Play Store appeared first on Coingeek.

Read More

Google lifts ban on crypto ads for US, Japan regulated firms

Google has unbanned on cryptocurrency ads on its platform, with a view to working more closely with regulated institutions in the United States and Japan.

The decision marks a reversal of the ban initiated back in March, with the company at the time saying the move was designed to limit the harm, or the ‘potential for consumer harm’ posed by the sector. A senior executive at Google, Scott Spencer, was quoted at the time as saying the firm was taking pre-emptive action with the ads ban to protect consumers.

According to Spencer, “We don’t have a crystal ball to know where the future is going to go with cryptocurrencies, but we’ve seen enough consumer harm or potential for consumer harm that it’s an area that we want to approach with extreme caution.”

However, the move was widely criticised, including amongst key voices in the financial sector.

Philip Nunn, CEO of Manchester investment company Blackmore Group, said the blanket ban was too heavy handed an approach, especially in light of other types of ads still running on Google’s ad platform.

“I understand that Facebook and Google are under a lot of pressure to regulate what their users are reading, but they are still advertising gambling websites and other unethical practices,” Nunn told UK’s The Independent. “Unfortunately, the fact that this ban is a blanket ban will mean that legitimate cryptocurrency businesses which provide valuable services to users will be unfairly caught in the crossfire.”

Now, with regulated companies invited back onto the ads platform, the expectation is that legitimate cryptocurrency businesses will now be permitted to advertise on Google and related services.

According to CNBC, the decision comes into effect from October, with companies required to demonstrate regulatory approval before their ads will be published. Ads will then be manually approved before going live.

While this will initially apply only in the U.S. and Japan, there is the expectation of a wider rollout of the ban reversal internationally in due course.

With Google now rolling back on its previous approach, it remains to be seen whether Facebook will also consider similar moves towards embracing regulated cryptocurrency institutions.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Google lifts ban on crypto ads for US, Japan regulated firms appeared first on Coingeek.

Read More
Top