Bitcoin Mining Malware Bundled with Legitimate Applications


Warning from security researchers at Malwarebytes, there is a new malware threat recently, which Bitcoin miners are bundled with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications.

The malware is using ‘jhProtominer’, a popular mining software that runs via the command line. It abuse the CPUs and GPUs of infected computers to generate Bitcoins. ‘jhProtominer’ bundled with ‘monitor.exe’, which is a part of “YourFreeProxy” application. The ‘monitor.exe’ is waiting for commands from a remote server, eventually downloading the miner and installing it on the system.

“YourFreePorxy” is owned by Mutual Public AKA We Build Toolbars, it is proxy server. However, this application bundle a malware which will use users’ computer to mine Bitcoins. Actually, this feature appears in their terms of service.

Terms of Service

COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.

One of the user reported to Malwarebytes that saw a 50% increase in processor usage when installed the toolbar. Maybe that mining software could be flagged as malware.

External Link:
[1]Potentially Unwanted Miners – Toolbar Peddlers Use Your System To Make BTC
[2]Don’t Install Crap ! Bitcoin Mining malware bundled with Potentially Unwanted Programs

Please do hesitate to contact me if you found out any mistake or typo.