Security researchers at MalwareBytes have uncovered an interesting example of one of the new ways that third parties can try to make money out of *your* computer.
Adam Kujawa, a malware researcher at the firm, has described how browser toolbars and search add-ons may not only try to earn money and irritate you by displaying adverts, but might also be silently installing a Bitcoin miner onto your PC.
There’s nothing wrong with Bitcoin-mining software, of course. But it should be *your* choice whether you want your computer’s resources tied up with the complex number-crunching necessary to create the digital currency. What’s bad about the software that MalwareBytes has discovered, is that users may not realise that this is the price they are paying for installing what they believed to be a free tool.
In this particular case, researchers have identified a tool called “Your Free Proxy”, from a company called Mutual Public (also known as We Build Toolbars, LLC or WBT).
The proxy software claims that it will protect your IP address, and keep your internet usage private from whoever might be snopping upon you. It also claims to have been featured in the New York Times, CNN, Fast Company, Wall Street Journal and others, had over 189 million downloads, and to be 100% free.
Sounds too good to be true, doesn’t it? And perhaps it is.
Because the security researchers discovered that the software uses the Mutual Public Installer (monitor.exe), downloading it from an Amazon cloud server. And that installer can receive remote commands, including instructions to download Bitcoin-mining software.
Sneaky. Very sneaky.
Perhaps surprisingly, the software doesn’t entirely hide its intentions.
Buried away in the program’s terms & conditions is a section that says:
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
No doubt it’s that small print that the firm is hoping will keep it out of any legal trouble.
After all, it was there for users to see… and it’s hardly the software vendor’s fault that once again users didn’t bother to read the legalese…
Always be wary of software which seems to be too good to be true. It may well be trying to make money at your expense.
Hopefully other anti-virus vendors will follow MalwareBytes’s lead and add detection of this potentially unwanted application, as I cannot imagine many people wanting their computer’s performance to be halved because it is secretly making money for someone else.
Learn more about this Bitcoin-mining software on MalwareBytes’s blog.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
2 comments on “Free WiFi proxy revealed to be sneakily Bitcoin mining on unsuspecting users’ computers”
Graham, an important aspect isn't just the breach of trust or slowing down the users' machines, the most legally significant issue is one of theft of electricity – all that number crunching can more than double power consumption, especially if it can use one or more GPUs too.
The clause in their contract does not explain that it would increase the users electricity bills, so I expect their hoped-for defence would not stand up in court.
Another point is that using Amazon cloud services to store malware is probably a breach of their Terms and Conditions.
Perhaps a complaint to Amazon is in order.