[2018-10-4]Google’s Ban of Obfuscated Code From Web Store Extensions Likely to.

[herminio]

Google’s Ban of Obfuscated Code From Web Store Extensions Likely to Affect Cryptojackers

Google’s new restrictions on Chrome Web Store extensions introduced Monday, October 1, are likely to affect cryptojackers.

In a blog post, Google confirmed that as of now, Chrome extensions submitted to the Web Store would not be allowed if they contained “obfuscated” code.

Aside from the security implications, obfuscated code, which the post describes as “mainly used to conceal code functionality,” “adds a great deal of complexity” to the process of reviewing extensions for approval.

Cryptojackers rely on the clandestine insertion of malicious malware into scripts, allowing them to mine for cryptocurrencies without those being hacked noticing. In May, cybersecurity firm Radware reported on several crypto mining malware Chrome extensions that had “inject[ed] a short, obfuscated malicious script” in order to “bypass Google’s extension validation checks.”


Readmore

[milewilda]

And with that Ban it did really give out some serious numbers basing on the report.

“Today over 70% of malicious and policy violating extensions that we block from Chrome Web Store contain obfuscated code.”

This is just typically worth to be done to those Cryptojackers.This is indeed a good news.

[Kemarit]

Well its about time that they make some adjustments. They should have at least stop it when it reach some threshold like 50%. But it has gotten around 70% and cryptojackers benefited from their lax policy. Its going to be difficult but they have all the resources so I hope they really clean up their own backyard, and not let those cryptojackers have their way. Good move from Google.

[1Referee]

Its going to be difficult but they have all the resources so I hope they really clean up their own backyard, and not let those cryptojackers have their way. Good move from Google.

It might help to some degree initially, but the bad actors will always find a way to work around these measures. I have yet to find any law or measure forced through by whatever government or large internet company to be successful for longer than a couple of months. Google failed hard with its crypto ad ban with how little of an effect it really had.

To this day I keep reporting the same scam ads I see, but they remain online without anything even happening. It's almost like they don't care because it's generating income. If you report scam apps within their app store, they are mostly gone within 24 hours, which just shows how a financial bias makes them less willing to get rid of scam ads but apps they don't make any money from are gone quickly.

Perhaps a sign that revenue through deceiving and scam ads accounts for a significant part of their revenue? Wouldn't even surprise me.

[hatshepsut93]

Malware authors will adapt to this new policy, they will obfuscate malicious parts of their code in some other ways, like for example by just writing spaghetti code. It will always be very hard to determine what a messy code does by simply looking at it.
Also, there are legitimate reasons for obfuscating code, like for preventing others from stealing and modifying it to use it for profit or just  for compressing it, so some innocent parties might also suffer from this policy.