The Windows version of Hola Browser was compromised in a supply chain attack that installed an undeclared executable identified as a Monero cryptocurrency miner. Researchers found the malicious file during AppEsteem certification checks, and Hola later confirmed the breach while saying only a small fraction of users were affected.
Key points
- The Windows version of Hola Browser was hit by a supply chain compromise.
- An undeclared file named me.exe was found in the installation directory.
- Sophos identified the binary as a Monero cryptocurrency miner.
- The miner added Defender exclusions, installed a service, and ran when the system was idle.
- Hola said it rebuilt its distribution pipeline and tightened security controls after the incident.
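
A read-only host check for the traces listed in the key points (the me.exe file, Defender exclusions, an installed service), given here as an added example that is not code from Hola, AppEsteem or Sophos. The function name and the `InstallDir` parameter are assumptions, since the page gives no install path or service name.

```powershell
# Added example: read-only triage for the persistence traces listed above.
# Run elevated; non-admin sessions cannot read Defender exclusions.
function Find-MinerTraces {
    param(
        [Parameter(Mandatory)] [string] $InstallDir,  # assumption: supplied by the analyst
        [string] $BinaryName = 'me.exe'               # file name reported on the page
    )
    $ci   = [System.StringComparison]::OrdinalIgnoreCase
    $dir  = $InstallDir.TrimEnd('\')
    $dirS = $dir + '\'
    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. Undeclared binary present? Hash it so it can be compared across hosts.
    $exe = Join-Path $dir $BinaryName
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $sha = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $findings.Add([pscustomobject]@{ Check = 'File'; Detail = "$exe SHA256=$sha" })
    }

    # 2. Defender exclusions that cover the directory, sit inside it, or name the binary.
    $pref = Get-MpPreference
    foreach ($e in @($pref.ExclusionPath) + @($pref.ExclusionProcess)) {
        if ([string]::IsNullOrWhiteSpace($e)) { continue }
        $x = $e.TrimEnd('\')
        $coversDir = $dirS.StartsWith("$x\", $ci)   # exclusion is the directory or a parent
        $insideDir = "$x\".StartsWith($dirS, $ci)   # exclusion is a path below the directory
        if ($coversDir -or $insideDir -or $x.EndsWith($BinaryName, $ci)) {
            $findings.Add([pscustomobject]@{ Check = 'DefenderExclusion'; Detail = $e })
        }
    }

    # 3. Services whose image path references the directory or the binary.
    #    The miner ran only when the system was idle, so CPU sampling is
    #    unreliable; the persistence artifacts are not.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $p = [string]$svc.PathName
        if ($p.IndexOf($dirS, $ci) -ge 0 -or $p.IndexOf("\$BinaryName", $ci) -ge 0) {
            $findings.Add([pscustomobject]@{
                Check  = 'Service'
                Detail = "$($svc.Name) [$($svc.State), $($svc.StartMode)] $p"
            })
        }
    }
    $findings
}

# Usage (the path is a placeholder, not a value from the page):
# Find-MinerTraces -InstallDir '<Hola Browser install directory>' | Format-Table -AutoSize
```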