The Windows installer for Hola Browser, a Chromium-based web browser from VPN provider Hola, has been discovered containing an unauthorized cryptocurrency miner within its distribution package, BleepingComputer reports.
Security researchers found an undeclared executable bundled with the legitimate browser software. Analysis confirmed the file was a cryptominer designed to silently consume CPU and GPU resources on victims' machines to generate cryptocurrency for attackers. The compromise represents a supply chain attack, where malicious code was injected into the software before it reached users through official channels.
A Troubled History
The company behind the browser has long faced scrutiny over its business practices. Hola's flagship VPN service uses a peer-to-peer model that routes traffic through other users' internet connections—a design security researchers have repeatedly criticized for introducing significant privacy and security risks. In 2015, researchers demonstrated that Hola's network could be exploited for malicious activities, including distributed denial-of-service attacks. The company has also faced criticism for reselling users' bandwidth through its Luminati subsidiary.
This latest incident adds a direct supply chain compromise to that controversial history, raising questions about the integrity of Hola's software development and distribution process.
A Growing Industry-Wide Threat
The attack follows a well-established pattern in cybersecurity. Threat actors increasingly target software supply chains because compromising a single trusted distribution channel can deliver malware to thousands or millions of users simultaneously. Recent high-profile incidents—including the SolarWinds breach, the 3CX desktop app compromise, and the xz Utils backdoor attempt—have shown that even well-resourced organizations struggle to fully secure their build and release processes.
For smaller projects and less-scrutinized software ecosystems, the risks are arguably greater. Open-source maintainers and niche software vendors often lack resources for comprehensive security auditing, making them attractive targets for attackers seeking to insert malicious code with lower detection chances.
What Users Should Know
Users who downloaded Hola Browser for Windows should check whether their installation included the unwanted miner. Monitoring CPU usage for unexpected spikes and scanning systems with reputable anti-malware tools are recommended first steps. Organizations that deployed the browser in managed environments should treat the incident as a potential compromise and conduct appropriate forensics.
The incident underscores the importance of software provenance verification. Techniques such as reproducible builds, code signing with hardware-secured keys, and independent third-party audits can reduce supply chain tampering risks, though adoption remains uneven across the industry.
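One way to carry out the check described above on a Windows host, written as an added example that is not from the article or from Hola: enumerate the binaries in the browser's install tree, verify each Authenticode signature against the expected publisher, and list processes with unusually high accumulated CPU time. The install path and the publisher subject are assumptions and must be adjusted for the host being examined.

```powershell
# Added example (not from the article): audit an application's install directory
# for executables whose Authenticode signature is missing, invalid, or from an
# unexpected publisher, then list processes with high CPU time.
# $InstallDir and $ExpectedPublishers are ASSUMPTIONS; set them for your environment.
param(
    [string]$InstallDir = "$env:LOCALAPPDATA\Hola Browser",   # assumed location, verify locally
    [string[]]$ExpectedPublishers = @("CN=Hola"),             # placeholder subject prefix
    [int]$CpuThresholdSeconds = 60
)

# 1. Every PE file under the install tree, with signature status, signer and hash.
$findings = Get-ChildItem -Path $InstallDir -Recurse -Include *.exe,*.dll -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "<unsigned>" }
        $expected = $false
        foreach ($p in $ExpectedPublishers) { if ($signer -like "$p*") { $expected = $true } }
        [pscustomobject]@{
            Path       = $_.FullName
            Status     = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer     = $signer
            Suspicious = ($sig.Status -ne 'Valid') -or (-not $expected)
            SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

"Binaries that are unsigned, invalidly signed, or signed by an unexpected publisher:"
$findings | Where-Object Suspicious | Format-Table Status, Signer, Path -AutoSize

# 2. Processes that have accumulated a lot of CPU time. A miner stands out here
#    even if it has been copied or moved out of the install directory.
"Processes with more than $CpuThresholdSeconds s of CPU time:"
Get-Process | Where-Object { $_.CPU -gt $CpuThresholdSeconds } |
    Sort-Object CPU -Descending |
    Select-Object Id, ProcessName, @{n='CPU(s)';e={[math]::Round($_.CPU)}}, Path |
    Format-Table -AutoSize
```

The SHA256 column is there so that any flagged file can be compared against hashes the vendor or a reputable analysis publishes, rather than judged on signature status alone.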
For the broader IT community, the Hola Browser compromise serves as another reminder that trust in software distribution must be continuously verified rather than assumed, regardless of a project's size or profile.