Security researchers recently uncovered a supply chain compromise in the Hola browser for Windows that slipped a crypto-miner onto some users’ systems.
This was spotted by Sophos X-Ops during routine certification testing, prompting swift action from the company.

The issue was identified while testing version 1.251.91.0 of the Hola browser. It had previously passed AppEsteem Windows Certified Application testing, but testers later detected an undeclared file, me.exe, written to C:\Program Files\Hola\. The file was later flagged as a potentially unwanted application and turned out to be an XMRig-based crypto miner that also contained obfuscated code.

It’s worth noting that “me.exe” didn’t appear consistently in all installations: its presence varies by build channel, and it is not present in all versions of the browser. If the file is run with admin privileges, it adds a Windows Defender exclusion.
Fortunately, Hola’s CEO Avi Raz Cohen acknowledged the incident as a supply chain attack on the update. The company’s internal monitoring had already detected anomalous activity, and Hola confirmed that the file is not an intended component of the browser.

Additionally, an independent cybersecurity firm, Sygnia, corroborated these findings. No user data was leaked, and there were no other compromises of that sort. The incident affected only approximately 0.1% of users.
Hola moved quickly to fix the problem and halted the affected delivery pipeline. The company removed “me.exe” and rebuilt the infrastructure. Developers integrated better security measures and better monitoring to ensure that verified components reach users. AppEsteem later confirmed that Hola had fixed these pipeline issues.
This incident primarily affects Windows users who installed or updated Hola Browser during the vulnerable period. Most users remained unaffected. On impacted systems, the unauthorized miner ran via an autostart service until removed. Hola users should update immediately to the latest version.
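To check a Windows host for the indicators described above (the me.exe file in the Hola directory, an autostart service, and a Windows Defender exclusion), the following PowerShell triage script is an added example and is not code from Sophos, Hola or the original article. The article does not give the service name or the exact exclusion, so the script assumes both can be found by matching on the reported file path.

```powershell
# Triage for the indicators named in the article. Run from an elevated prompt:
# Defender exclusions are hidden from non-administrators.
$holaDir  = 'C:\Program Files\Hola'       # install path reported in the article
$target   = Join-Path $holaDir 'me.exe'   # undeclared file reported in the article
$findings = @()

# 1. Is the undeclared binary on disk? Record hash and signature status for the ticket.
if (Test-Path -LiteralPath $target) {
    $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    $sig  = (Get-AuthenticodeSignature -LiteralPath $target).Status
    $findings += [pscustomobject]@{
        Check  = 'File present'
        Detail = '{0} sha256={1} signature={2}' -f $target, $hash, $sig
    }
}

# 2. Services whose image path points at me.exe in the Hola directory.
# Assumption: the service name is unknown, so match on the binary path instead.
$pattern = [regex]::Escape($target)
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Check  = 'Service'
            Detail = '{0} start={1} state={2} path={3}' -f `
                     $_.Name, $_.StartMode, $_.State, $_.PathName
        }
    }

# 3. Defender exclusions covering the Hola directory or a process named me.exe.
# Assumption: the exclusion type is unknown, so check both paths and processes.
$mp = Get-MpPreference
foreach ($kind in 'ExclusionPath', 'ExclusionProcess') {
    foreach ($entry in @($mp.$kind)) {
        if ($entry -and ($entry -like "$holaDir*" -or $entry -match '(^|\\)me\.exe$')) {
            $findings += [pscustomobject]@{ Check = "Defender $kind"; Detail = $entry }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No indicators from the article found on this host.' }
```

A clean result only means these three indicators are absent; it does not replace updating the browser or a full endpoint scan.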
If you’re using the Hola Browser, consider alternatives with stronger security track records, since this isn’t the first time the company has faced privacy and security scrutiny due to its past opaque traffic-handling practices linked to Luminati Networks.