Hola Browser for Windows compromised to deliver cryptominer
By Bill Toulas
June 4, 2026
05:27 PM
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
The compromise was uncovered during periodic certification checks on Hola Browser as part of its AppEsteem certification testing procedure, which it had previously passed.
Hola is an Israeli company best known for Hola VPN, a service that allows users to route internet traffic through other users' devices or through paid proxy infrastructure to bypass geographic restrictions and access content from different countries.
Hola Browser is based on Chromium and integrates VPN and proxy functionality directly into the browser.
The company and its products have attracted controversy in the past due to opaque traffic-handling practices related to the operation of a commercial service called Luminati Networks, which turned free users into proxies.
In the latest app integrity checks, Sophos and other cybersecurity companies involved in the evaluation process discovered an undeclared executable named ‘me.exe’ being installed in some cases under C:\Program Files\Hola\.
The file had not been certified, had no timestamp, wasn’t digitally signed, contained obfuscated code, and could write to memory.
On closer examination, Sophos found signs that the binary was a Monero cryptocurrency miner, including strings pointing to its true nature.
The miner adds a Windows Defender exclusion rule, copies itself to Program Files as ‘HolaMonitorService.exe,’ creates an auto-starting Windows service named ‘hola_monitor_svc,’ and runs when the computer is idle.
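The behaviours listed above can be turned into a simple host triage over endpoint logs. The following is an added example, not code from Sophos, AppEsteem or Hola: the event records and their field names are constructed for illustration, and only the file names, the install path and the service name come from the article.

```python
from collections import defaultdict

# Indicators named in the article (compared case-insensitively).
DROPPER = r"c:\program files\hola\me.exe"
MINER_NAME = "holamonitorservice.exe"   # exact subfolder is not given
SERVICE = "hola_monitor_svc"

# Constructed events, not real telemetry. Field names are hypothetical;
# ids follow Sysmon 11, System 7045 and Defender 5007.
EVENTS = [
    {"host": "pc-01", "id": 11, "path": r"C:\Program Files\Hola\me.exe"},
    {"host": "pc-01", "id": 5007, "new_value":
        r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Example"},
    {"host": "pc-01", "id": 11,
        "path": r"C:\Program Files\Example\HolaMonitorService.exe"},
    {"host": "pc-01", "id": 7045, "service": "hola_monitor_svc"},
    {"host": "pc-02", "id": 5007, "new_value":
        r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\D:\Builds"},
    {"host": "pc-03", "id": 11, "path": r"C:\Users\Public\me.exe"},
]

def classify(event):
    """Return the indicator an event matches, or None."""
    eid = event.get("id")
    if eid == 11:
        path = event.get("path", "").lower()
        if path == DROPPER:
            return "dropper_file"
        if (path.startswith("c:\\program files")
                and path.rsplit("\\", 1)[-1] == MINER_NAME):
            return "miner_copy"
    elif eid == 7045 and event.get("service", "").lower() == SERVICE:
        return "persistence_service"
    elif (eid == 5007 and "\\windows defender\\exclusions\\"
            in event.get("new_value", "").lower()):
        return "defender_exclusion"
    return None

def triage(events):
    """Group matches per host and grade them."""
    hits = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            hits[ev["host"]].add(name)
    # A Defender exclusion alone is routine admin activity, so only the
    # article's file and service names grade a host as "compromised".
    return {host: ("compromised" if found - {"defender_exclusion"} else "review",
                   sorted(found))
            for host, found in hits.items()}
```

Hosts that only show a Defender exclusion change are graded "review" rather than "compromised", since the article does not say which path the miner excludes.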
Hola's response
Hola was informed of the findings by AppEsteem and confirmed that they had suffered a supply chain compromise, which was also independently detected by cybersecurity firm Sygnia.
Despite that, the software vendor says that only about 0.1% of its users were affected, and there’s no evidence of user data access, theft, or compromise.
“We have since completely rebuilt our distribution pipeline, implemented advanced code-signing verification, and introduced tighter access controls and continuous monitoring across our infrastructure,” assured Hola’s CEO, Avi Raz Cohen.
“These measures are designed to ensure that only declared, certified, and signed components are ever delivered to our users.”
BleepingComputer has contacted Hola to request more information about how the breach occurred, who the perpetrators are, and whether clients on other platforms were also affected, but we have not heard back as of this publishing.