The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified as a cryptocurrency miner. This compromise was uncovered during periodic certification checks on Hola Browser as part of its AppEsteem certification testing procedure, according to a recent report by Bleeping Computer.Cybersecurity researchers at Sophos and other companies discovered an undeclared executable, identified as a Monero cryptocurrency miner, being installed with the Hola Browser. The file, named "me.exe", was not digitally signed, contained obfuscated code, and could write to memory. The miner installs itself as "HolaMonitorService.exe", creates an auto-starting Windows service, and runs when the computer is idle.Hola confirmed a supply chain compromise, stating that approximately 0.1% of its users were affected, with no evidence of user data access or theft. The company has since rebuilt its distribution pipeline and implemented enhanced security measures to prevent future incidents.Source: Bleeping Computer
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds