Adam Kujawa, a malware researcher at the firm, has described how browser toolbars and search add-ons may not only try to earn money and irritate you by displaying adverts, but might also be silently installing a Bitcoin miner onto your PC.
There’s nothing wrong with Bitcoin-mining software, of course. But it should be *your* choice whether you want your computer’s resources tied up with the complex number-crunching necessary to create the digital currency. What’s bad about the software that MalwareBytes has discovered, is that users may not realise that this is the price they are paying for installing what they believed to be a free tool.
In this particular case, researchers have identified a tool called “Your Free Proxy”, from a company called Mutual Public (also known as We Build Toolbars, LLC or WBT).
The proxy software claims that it will protect your IP address, and keep your internet usage private from whoever might be snopping upon you. It also claims to have been featured in the New York Times, CNN, Fast Company, Wall Street Journal and others, had over 189 million downloads, and to be 100% free.
Sounds too good to be true, doesn’t it? And perhaps it is.
Because the security researchers discovered that the software uses the Mutual Public Installer (monitor.exe), downloading it from an Amazon cloud server. And that installer can receive remote commands, including instructions to download Bitcoin-mining software.
Sneaky. Very sneaky.
Perhaps surprisingly, the software doesn’t entirely hide its intentions.
Buried away in the program’s terms & conditions is a section that says:
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
No doubt it’s that small print that the firm is hoping will keep it out of any legal trouble.
After all, it was there for users to see… and it’s hardly the software vendor’s fault that once again users didn’t bother to read the legalese…
Always be wary of software which seems to be too good to be true. It may well be trying to make money at your expense.
Hopefully other anti-virus vendors will follow MalwareBytes’s lead and add detection of this potentially unwanted application, as I cannot imagine many people wanting their computer’s performance to be halved because it is secretly making money for someone else.
Learn more about this Bitcoin-mining software on MalwareBytes’s blog.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.