The Windows version of Hola Browser has been targeted in a supply chain attack that injected an undeclared cryptocurrency miner into the application. Researchers identified the malicious executable embedded within the browser distribution.
The compromise affected Hola Browser's Windows release, with attackers successfully injecting cryptomining code into the software supply chain. Users who downloaded or updated the browser received the malicious payload alongside legitimate application files.
Security researchers discovered the undeclared executable through standard malware analysis protocols. The injected code functioned as a cryptocurrency miner, leveraging infected systems' computational resources to generate digital currency for attackers without user knowledge or consent.
Attack Vector
The supply chain compromise represents a direct threat to end users, as the malicious code bypassed typical distribution channels. Rather than requiring separate infection vectors, the miner arrived bundled with trusted software, significantly increasing the likelihood of successful installation.
Impact and Response
Users running compromised versions of Hola Browser for Windows experienced unexpected performance degradation, increased CPU usage, and elevated system temperatures—common indicators of cryptomining activity. The attack potentially affected an unknown number of installations before detection.
Hola Browser developers have been notified of the compromise. Users should immediately update to patched versions or remove the application entirely if updates are not yet available. Security experts recommend scanning systems for residual malicious processes and monitoring for unauthorized resource consumption.
Broader Context
This incident underscores persistent vulnerabilities in software distribution infrastructure. Supply chain attacks have intensified in recent years, with threat actors targeting development platforms and distribution channels to maximize reach and legitimacy. The cryptocurrency mining sector has historically driven such attacks, as attackers seek access to processing power at scale.
Users of Hola Browser and similar third-party applications should enable automatic updates, verify digital signatures when available, and monitor system performance for anomalies indicative of compromised software.
Password manager Dashlane has disclosed how attackers successfully downloaded encrypted password vaults from its users by targeting large numbers of accounts to increase odds of success.
Cisco has disclosed a high-severity zero-day vulnerability in its Catalyst SD-WAN Manager that attackers are actively exploiting to gain root-level access. The flaw remains unpatched.
A new Magecart skimming operation is leveraging Stripe's API infrastructure to both deliver card-stealing malware and exfiltrate payment data from compromised checkout pages.
A former IBM cybersecurity executive filed a lawsuit alleging that IBM and AT&T concealed repeated foreign hacker breaches from US government authorities, violating disclosure laws.