Browser Plugin Secretly Mines Bitcoins at Your Expense
Some computer programs do more than they advertise — and if so, it's rarely a good thing.
California-based anti-virus company Malwarebytes found that a browser plugin called YourFreeProxy was, aside from its advertised features, using the computers on which it was installed to mine Bitcoins.
A Malwarebytes customer first brought the issue to light when he reported an undeletable file on his computer called "jh1d.exe" that was tying up more than 50 percent of his computer's system resources, significantly slowing his machine down.
On closer analysis, Malwarebytes realized that the file was a Bitcoin mining piece of software with the full name jhProtominer.
What does that mean? Bitcoin is a type of digital currency that bases its value not on a centralized standard, but rather on a peer-to-peer computer network accessible through an application and storage system called a Bitcoin wallet.
Bitcoins can be exchanged for other types of currency, or can be mathematically generated in a process called "mining," a potentially time-consuming process that also requires significant computer processing power.
When the Bitcoin network first launched in 2008, one Bitcoin was worth less than a tenth of a cent. A few days ago, however, the value of one Bitcoin broke $1,000 for the first time. Bitcoin trading and mining have never been more lucrative.
But the people unknowingly hosting these secret Bitcoin-mining toolbars won't see a cent of that money. The Bitcoin miner in YourFreeProxy was being remotely controlled via a program called "monitor.exe," ownership of which Malwarebytes traced back to a Las Vegas-based company called Mutual Public, or We Build Toolbars.
Thanks to some careful wording in its End User Licensing Agreement (EULA), Mutual Public's bitcoin mining may be legal, if also deceitful. The EULA states that "as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by [We Build Toolbars] or our affiliates are the sole property of WBT and our affiliates."
In other words, by downloading Mutual Public's software, users are ostensibly agreeing to let the company use their computers' processing power.
"Take note if your system is running especially slow or if a process is taking up massive amounts of your processing power," writes Malwarebytes' Adam Kujawa on the company blog. "It might be malware or even a [potentially unwanted program] running a miner on your system."