Hola Browser Faces Supply Chain Attack Delivering Cryptocurrency Miner
Hola Browser for Windows compromised to deliver cryptominer
Image: Bleepingcomputer
The Hola Browser for Windows has been compromised in a supply chain attack that introduced an undeclared cryptocurrency miner. Discovered during AppEsteem certification checks, the malware was identified as a Monero miner. Hola claims only 0.1% of users were affected and has since strengthened its security measures.
- 01The attack involved an undeclared executable named ‘me.exe’, which was identified as a Monero cryptocurrency miner.
- 02Hola Browser integrates VPN and proxy functionality and is developed by the Israeli company Hola, known for its controversial traffic-handling practices.
- 03The malware created an auto-starting Windows service and added an exclusion rule to Windows Defender.
- 04Hola confirmed the supply chain compromise and stated that only about 0.1% of users were impacted.
- 05The company has since rebuilt its distribution pipeline and implemented advanced security measures.
Advertisement
In-Article Ad
The Hola Browser for Windows has been compromised in a supply chain attack that introduced a cryptocurrency miner, specifically a Monero miner, identified as ‘me.exe’. This was uncovered during AppEsteem certification checks, which the browser had previously passed. Hola, an Israeli company known for its VPN services, faced scrutiny in the past for its traffic-handling practices. The malware, which was not certified or digitally signed, created an auto-starting Windows service and modified Windows Defender settings to avoid detection. Hola's CEO, Avi Raz Cohen, confirmed the breach and stated that only about 0.1% of users were affected, with no evidence of user data theft. Following the incident, the company has revamped its distribution pipeline and enhanced security measures to prevent future compromises. Despite these assurances, further inquiries regarding the breach's specifics and potential impacts on other platforms remain unanswered.
Advertisement
In-Article Ad
The breach may affect users' trust in Hola's products and their overall cybersecurity.
Advertisement
In-Article Ad
Reader Poll
How concerned are you about supply chain attacks on software?
Connecting to poll...
Read the original article
Visit the source for the complete story.