Researchers have uncovered a devious scheme in which a seemingly legitimate free application is surreptitiously installing code on users’ devices that ultimately drains system resources for mining purposes.
The toolbar specialist company Mutual Public – also known as We Build Toolbars or WBT – offers a free application called YourFreeProxy which allows users to establish a virtual private network when accessing the Internet, but unless users read the fine print in the end-user license agreement (EULA), they might never know that they are consenting to allow their systems to be tapped for processing power.
The EULA states: “COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates,” essentially granting permission for the application to tap the system’s processing power, possibly presenting users with performance issues.
“Potentially Unwanted Programs or PUPs as we like to call them, are things like Toolbars, Search Agents, etc.” writes Malwarebytes’ Adam Kujawa. “This time, however, we are taking a look at a PuP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software’s EULA. This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash.”
The problem specifically relates to a file called “jh1d.exe” installed by a process called Monitor.exe, which continuously “beacons out” while awaiting commands to be issued from a remote server which installs the “jhProtominer” miner code on the system.
Repeated attempts to delete “jh1d.exe” are unsuccessful because Monitor.exe repeatedly re-installs it, and some victims have complained that as much as half of their systems’ processing power ends up being consumed.
“So take note if your system is running especially slow or if a process is taking up massive amounts of your processing power; it might be malware or even a PUP running a miner on your system,” warns Kujawa.
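The re-install loop described above, where a deleted file keeps coming back, can be detected by flagging any process that recreates a file shortly after its deletion. The following is an added example, not code from Malwarebytes or the article; the event tuples, the placeholder paths, the explorer.exe and editor.exe actors, and the function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed file-activity events (not real telemetry):
# (seconds, action, path, acting process). Only the names jh1d.exe and
# Monitor.exe come from the article; paths and other actors are placeholders.
SAMPLE_EVENTS = [
    (0,    "create", r"C:\placeholder\jh1d.exe",   "Monitor.exe"),
    (60,   "delete", r"C:\placeholder\jh1d.exe",   "explorer.exe"),
    (65,   "create", r"C:\placeholder\jh1d.exe",   "Monitor.exe"),
    (300,  "delete", r"C:\placeholder\jh1d.exe",   "explorer.exe"),
    (304,  "create", r"C:\placeholder\jh1d.exe",   "Monitor.exe"),
    (900,  "delete", r"C:\placeholder\jh1d.exe",   "explorer.exe"),
    (903,  "create", r"C:\placeholder\jh1d.exe",   "Monitor.exe"),
    # Benign contrast: a temp file recreated long after it was deleted.
    (100,  "create", r"C:\placeholder\report.tmp", "editor.exe"),
    (200,  "delete", r"C:\placeholder\report.tmp", "editor.exe"),
    (5000, "create", r"C:\placeholder\report.tmp", "editor.exe"),
]

def find_reinstallers(events, window=30, min_repeats=2):
    """Return {(path, actor): count} for every actor that recreated a path
    within `window` seconds of its deletion at least `min_repeats` times."""
    last_delete = {}             # path -> time of most recent deletion
    repeats = defaultdict(int)   # (path, actor) -> quick re-creations seen
    for ts, action, path, actor in sorted(events):
        key = path.lower()       # Windows paths are case-insensitive
        if action == "delete":
            last_delete[key] = ts
        elif action == "create" and key in last_delete:
            # Consume the deletion so one delete matches at most one create.
            if ts - last_delete.pop(key) <= window:
                repeats[(key, actor)] += 1
    return {k: n for k, n in repeats.items() if n >= min_repeats}

if __name__ == "__main__":
    for (path, actor), n in find_reinstallers(SAMPLE_EVENTS).items():
        print(f"{actor} recreated {path} {n} times after deletion")
```

A hit identifies the process to remove first: deleting the recreated file alone does not help while the process that restores it is still running.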