The Windows version of Hola Browser fell victim to a supply chain compromise that injected a cryptomining payload into the application. Researchers identified an undeclared executable embedded in the Windows client that mines cryptocurrency without user consent or knowledge.

Hola Browser, a free VPN and proxy tool with millions of users, distributed the malicious binary through its official update mechanism. The attack compromised the software's build pipeline or distribution channel, allowing threat actors to inject the miner directly into legitimate installation packages. Users who downloaded or updated the Windows version received the trojanized executable alongside the expected browser functionality.

The cryptominer runs in the background and consumes system resources to generate cryptocurrency for the attackers' wallets. This type of attack degrades device performance, increases electricity consumption, and shortens hardware lifespan. For organizations, compromised employee machines create security gaps and drain IT infrastructure capacity.

Supply chain attacks of this nature pose escalating risk because they exploit trust relationships. Users download software from official sources expecting legitimacy, but attackers who infiltrate distribution systems or build infrastructure can reach millions of devices at once. The Hola Browser incident demonstrates how even consumer-facing applications can become vectors for unauthorized resource theft.

Affected users face immediate risk of their computing resources being commandeered for financial gain. Organizations should audit systems running Hola Browser, remove the application if discovered, and monitor for cryptomining signatures including elevated CPU usage and unexpected network connections to mining pools.
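The monitoring advice above can be expressed as a correlation over endpoint telemetry; the following is an added example, not part of the original article and not tooling from Hola or the researchers. The telemetry format, process names, watchlist domains and thresholds are all constructed assumptions, and the example goes slightly beyond the text by still reporting pool traffic (at lower severity) when CPU use is not sustained.

```python
from collections import defaultdict

# Constructed watchlist: placeholder domains, not indicators from this incident.
POOL_WATCHLIST = {"pool.example", "xmr-pool.invalid"}

# Constructed telemetry: (host, pid, process, cpu_percent), one sample per minute, in order.
CPU_SAMPLES = (
    [("ws-01", 4312, "sample_a.exe", c) for c in (91, 94, 93, 95, 92)]
    + [("ws-01", 2200, "sample_b.exe", c) for c in (97, 98, 96, 99, 97)]
    + [("ws-02", 880, "sample_c.exe", c) for c in (12, 95, 10, 11, 9)]
)

# Constructed connection log: (host, pid, remote_name, remote_port).
CONNECTIONS = [
    ("ws-01", 4312, "eu.pool.example", 3333),
    ("ws-01", 2200, "cdn.notpool.example", 443),  # busy process, benign destination
    ("ws-02", 880, "xmr-pool.invalid", 443),
]

def on_watchlist(name, watchlist):
    """Match a listed domain or one of its subdomains, never a bare string suffix."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watchlist)

def longest_run(values, threshold):
    """Length of the longest run of consecutive samples at or above threshold."""
    best = run = 0
    for v in values:
        run = run + 1 if v >= threshold else 0
        best = max(best, run)
    return best

def find_miner_suspects(cpu_samples, connections, watchlist, threshold=85, min_run=4):
    """Return (host, pid, process, remote, severity) for processes talking to listed pools."""
    cpu, names = defaultdict(list), {}
    for host, pid, proc, pct in cpu_samples:
        cpu[(host, pid)].append(pct)
        names[(host, pid)] = proc
    findings = []
    for host, pid, remote, _port in connections:
        if not on_watchlist(remote, watchlist):
            continue  # high CPU alone (encoding, builds) is not reported
        key = (host, pid)
        sustained = longest_run(cpu.get(key, []), threshold) >= min_run
        # Pool traffic without sustained load is still reported: miners can throttle CPU.
        severity = "high" if sustained else "medium"
        findings.append((host, pid, names.get(key, "unknown"), remote, severity))
    return findings
```

In practice the watchlist would come from a maintained threat-intelligence feed and the samples from EDR or performance-counter exports.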

Hola Browser's developers faced pressure to investigate how the compromise occurred and whether other versions or releases contained malicious code. The incident underscores the importance of verifying application integrity, implementing code signing verification, and monitoring software supply chains for unauthorized modifications.

Users should remove Hola Browser from Windows systems and switch to independently audited VPN clients with transparent security practices. Security teams should block the application at the network boundary and scan systems for