Google looks to provide better protection against crypto malware

Getting your Trinity Audio player ready...

This past April, Google announced that it would prohibit all cryptocurrency mining extensions from the Chrome Store, as well as from the Google Play Store. The move was designed to prevent users from unwittingly installing programs that could mine cryptocurrencies and other types of malware. The ban was only partially effective, as some mining apps have still been found as recently as last month. Now, the tech giant is looking to make it even more difficult for the scammers and has introduced rules that are even more controlling.

Google announced on Monday in a blog post that it was implementing a number of changes to how Chrome handles extensions. The changes target those extensions that request an extensive amount of permissions and will require more oversight by the Google team. The company explained in the post, “It’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access.”

The latest version of Chrome, Chrome 70, will incorporate the new changes. The browser version is currently in beta tests and, when live, will allow users to prohibit certain types of access requested by an extension. They will also be able to require the extension to request permission each time it wants access to a particular page. Google added that the extensions that require “powerful permissions” will be further scrutinized by Google before being approved.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional … Our aim is to improve user transparency and control over when extensions are able to access site data,” stated Google.

The Chrome Store now also prohibits any extensions that contain obfuscated code. Any extensions currently offered through the platform have 90 days to have their code altered or they’ll be removed. Google said that 70% of “malicious and policy violating extensions” that it has blocked from the Chrome Store contain obfuscated code.

To enhance security and customer protection, Google is also going to implement two-step verification for extension developers’ accounts. The company says this will reduce the risk of hackers being able to take over the accounts and add malicious code to the extensions.