⚠️💻 A certified browser distributed a crypto miner to its own users.
Hola Browser users were unpleasantly surprised to discover that an official Windows version of the browser had distributed a hidden program capable of mining Monero without the owner's knowledge.
The file, named me.exe, was not present in the certified components of the software and showed several warning signs: obfuscated code, lack of a digital signature, and the ability to modify Windows security settings.
According to Sophos researchers, the program contained references to XMRig, one of the most well‑known Monero mining softwares.
When executed, it could evade Microsoft Defender scans, install itself as a Windows service, and quietly use the PC’s resources during idle periods to generate cryptocurrencies.
The software came from the browser’s official distribution channel. The publisher claims that a compromise of its distribution chain caused the incident and estimates that about 0.1% of users were affected.
