Browser Plugin Secretly Mines Bitcoins at Your Expense

Some computer programs do more than they advertise — and if so, it's rarely a good thing.

California-based anti-virus company Malwarebytes found that a browser plugin called YourFreeProxy was, aside from its advertised features, using the computers on which it was installed to mine Bitcoins.

MORE: 10 Reasons Coin Card Could Be a Security Nightmare

A Malwarebytes customer first brought the issue to light when he reported an undeletable file on his computer called "jh1d.exe" that was tying up more than 50 percent of his computer's system resources, significantly slowing his machine down.

On closer analysis, Malwarebytes realized that the file was a Bitcoin mining piece of software with the full name jhProtominer.

What does that mean? Bitcoin is a type of digital currency that bases its value not on a centralized standard, but rather on a peer-to-peer computer network accessible through an application and storage system called a Bitcoin wallet.

Bitcoins can be exchanged for other types of currency, or can be mathematically generated in a process called "mining," a potentially time-consuming process that also requires significant computer processing power.

When the Bitcoin network first launched in 2008, one Bitcoin was worth less than a tenth of a cent.  A few days ago, however, the value of one Bitcoin broke $1,000 for the first time. Bitcoin trading and mining have never been more lucrative.

But the people unknowingly hosting these secret Bitcoin-mining toolbars won't see a cent of that money. The Bitcoin miner in YourFreeProxy was being remotely controlled via a program called "monitor.exe," ownership of which Malwarebytes traced back to a Las Vegas-based company called Mutual Public, or We Build Toolbars.

Thanks to some careful wording in its End User Licensing Agreement (EULA), Mutual Public's bitcoin mining may be legal, if also deceitful. The EULA states that "as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by [We Build Toolbars] or our affiliates are the sole property of WBT and our affiliates."

In other words, by downloading Mutual Public's software, users are ostensibly agreeing to let the company use their computers' processing power.

"Take note if your system is running especially slow or if a process is taking up massive amounts of your processing power," writes Malwarebytes' Adam Kujawa on the company blog. "It might be malware or even a [potentially unwanted program] running a miner on your system."

Email or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

What is Bitcoin?

13 Security and Privacy Tips for the Truly Paranoid

Best AntiVirus Software Review

This thread is closed for comments
    Your comment
  • JavaScript on websites can also do this. It has been happening a very long time and to be honest it isn't that profitable anymore so there are fewer people engaging in it nowadays than there have been as recent as early this year.
  • It may not be profitable doing it alone, but a plugin installed on a few hundred machines can mine some serious coin. I say they should be taken to court, and all profits plus damages be given to those who installed their plugin.
  • Stop wasting unnecessary energy, the environment is already messed up enough! STOP BITCOINING!