Sign in with
Sign up | Sign in

Browser Plugin Secretly Mines Bitcoins at Your Expense

By - Source: Tom's Guide US | B 11 comments
Tags :

Some computer programs do more than they advertise — and if so, it's rarely a good thing.

California-based anti-virus company Malwarebytes found that a browser plugin called YourFreeProxy was, aside from its advertised features, using the computers on which it was installed to mine Bitcoins.

MORE: 10 Reasons Coin Card Could Be a Security Nightmare

A Malwarebytes customer first brought the issue to light when he reported an undeletable file on his computer called "jh1d.exe" that was tying up more than 50 percent of his computer's system resources, significantly slowing his machine down.

On closer analysis, Malwarebytes realized that the file was a Bitcoin mining piece of software with the full name jhProtominer.

What does that mean? Bitcoin is a type of digital currency that bases its value not on a centralized standard, but rather on a peer-to-peer computer network accessible through an application and storage system called a Bitcoin wallet.

Bitcoins can be exchanged for other types of currency, or can be mathematically generated in a process called "mining," a potentially time-consuming process that also requires significant computer processing power.

When the Bitcoin network first launched in 2008, one Bitcoin was worth less than a tenth of a cent.  A few days ago, however, the value of one Bitcoin broke $1,000 for the first time. Bitcoin trading and mining have never been more lucrative.

But the people unknowingly hosting these secret Bitcoin-mining toolbars won't see a cent of that money. The Bitcoin miner in YourFreeProxy was being remotely controlled via a program called "monitor.exe," ownership of which Malwarebytes traced back to a Las Vegas-based company called Mutual Public, or We Build Toolbars.

Thanks to some careful wording in its End User Licensing Agreement (EULA), Mutual Public's bitcoin mining may be legal, if also deceitful. The EULA states that "as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by [We Build Toolbars] or our affiliates are the sole property of WBT and our affiliates."

In other words, by downloading Mutual Public's software, users are ostensibly agreeing to let the company use their computers' processing power.

"Take note if your system is running especially slow or if a process is taking up massive amounts of your processing power," writes Malwarebytes' Adam Kujawa on the company blog. "It might be malware or even a [potentially unwanted program] running a miner on your system."

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

What is Bitcoin?

13 Security and Privacy Tips for the Truly Paranoid

Best AntiVirus Software Review

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 0 Hide
    iamadev , December 3, 2013 4:21 AM
    JavaScript on websites can also do this. It has been happening a very long time and to be honest it isn't that profitable anymore so there are fewer people engaging in it nowadays than there have been as recent as early this year.
  • 0 Hide
    salgado18 , December 3, 2013 4:42 AM
    It may not be profitable doing it alone, but a plugin installed on a few hundred machines can mine some serious coin. I say they should be taken to court, and all profits plus damages be given to those who installed their plugin.
  • 0 Hide
    Anonymous , December 3, 2013 4:50 AM
    Stop wasting unnecessary energy, the environment is already messed up enough! STOP BITCOINING!
  • Display all 11 comments.
  • 0 Hide
    Hando567 , December 3, 2013 5:29 AM
    I have always thought it would be interesting if there was an alternative to bitcoin that come out which was based upon doing actual good. Something where instead of solving for arbitrary blocks, there are actual scientific and ma thematic problems being solved. Almost like a supercomputer in the cloud. You figure this way the energy is at least used doing some kind of good for the world.
  • -1 Hide
    techguy911 , December 3, 2013 5:32 AM
    @iamadev not profitable on a small scale no but on a huge scale say 1 million+ cpu's and gpu's you can make 100,000-120,000 a day while it's not profitable for a single person to do this on that scale and not spending any money is quite profitable.
  • 0 Hide
    ingtar33 , December 3, 2013 6:07 AM
    bitcoin mining viruses are not new... not sure why this is news. though i appreciate the heads up about a browser plugin i never heard about.
  • 0 Hide
    cats_Paw , December 3, 2013 7:13 AM
    Bitcoin mining is nothing more than a large scale and well thought scam.
    Dont take my word or arguments for it. Do your own research and get your own conclusions. Took me about 5 hours to figure it out, but im positive getting into the bitcoin mining business is simply giving your money away.
  • 0 Hide
    warezme , December 3, 2013 8:06 AM
    You know a good firewall would notify the user, hey this app blahblah.exe is trying send information out to IP *.*.*.* , would you like to allow it? That is your clue to block it and then root it out. There are even some good free firewalls if you can get past the occasional upgrade notices.
  • 0 Hide
    universal remonster , December 3, 2013 8:38 AM
    "@iamadev not profitable on a small scale no but on a huge scale say 1 million+ cpu's and gpu's you can make 100,000-120,000 a day while it's not profitable for a single person to do this on that scale and not spending any money is quite profitable."

    That is hands down the most uneducated comment in regards to Bitcoin mining I have ever read.
  • 0 Hide
    techguy911 , December 3, 2013 4:04 PM
    @universal remonster if 1 million people had this tool bar installed and say let lowball stats say 230 mh/s that is .13 a day x 1million hashes =$130,000 day at $797.98 per bitcoin with difficulty of 707,408,283.
    A top end gaming system would make 1.50 cents a day USD since they don't pay for gear or electricity to run all those 1million miners it would only server costs+electricity to run server+internet cost they could make alot of money where running 1 pc top gaming system that 1.50 might not be enough to cover hydro cost.
  • 0 Hide
    wiyosaya , December 4, 2013 11:12 AM
    @Hando, I'm not quite sure what you are getting at as there is BOINC, but those who run it do not get paid for the work.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter