Ethical Hacking News
A popular web browser for Windows users has been compromised by hackers who injected an undeclared executable containing a cryptocurrency miner into the software through a supply chain attack. The malicious code was discovered in June 2026 and affects only about 0.1% of Hola Browser users, but highlights the ongoing threat of supply chain attacks and the need for companies to prioritize security measures.
Hackers injected a cryptocurrency miner into Hola Browser. The malicious code was discovered through routine certification checks by Sophos. The compromise occurred through a supply chain attack, with compromised software components being used by the company. About 0.1% of users were affected, but there is no evidence that user data was accessed or compromised. The incident highlights the ongoing threat of supply chain attacks and the need for improved security measures.
Hola Browser, a popular web browser for Windows users, has been compromised by hackers who have injected an undeclared executable into the software. The malicious code, identified as a cryptocurrency miner using the Monero blockchain, was discovered during routine certification checks conducted by cybersecurity firm Sophos and its partners.
The compromise was uncovered in June 2026, when Sophos detected a suspicious executable named 'me.exe' being installed on affected systems without any timestamp or digital signature. Further analysis revealed that the binary contained obfuscated code and had the ability to write to memory, indicating it was a cryptocurrency miner designed to secretly mine Monero coins while running in the background.
According to reports, the malicious code was introduced into Hola Browser through a supply chain attack, which involved compromised software components being used by the company. The exact details of how the breach occurred are still unknown, but Hola's CEO, Avi Raz Cohen, has stated that the company has taken steps to prevent similar incidents in the future.
The malicious code was designed to evade detection and run undetected on affected systems, using various techniques to hide its presence. It added a Windows Defender exclusion rule, copied itself to Program Files as 'HolaMonitorService.exe,' created an auto-starting Windows service named 'hola_monitor_svc,' and ran when the computer was idle.
Despite the severity of the compromise, Hola claims that only about 0.1% of its users were affected, and there is no evidence to suggest that user data has been accessed or compromised. However, the incident highlights the ongoing threat of supply chain attacks, which can have devastating consequences for software users.
The breach also raises questions about the effectiveness of traditional security measures, such as digital signatures and certification processes, in preventing similar incidents. As Hola has acknowledged, its new distribution pipeline, advanced code-signing verification, and tighter access controls will help ensure that only declared, certified, and signed components are ever delivered to users.
However, it is unclear whether these measures can prevent future attacks, given the sophistication of modern malware and the ongoing evolution of supply chain attack tactics. The incident serves as a reminder for software users to remain vigilant and take proactive steps to protect their systems from potential threats.
In conclusion, the compromise of Hola Browser for Windows users highlights the growing threat of supply chain attacks in the software industry. As companies continue to rely on complex global supply chains, they must prioritize security measures that can detect and prevent such incidents from occurring.
Related Information:
https://www.ethicalhackingnews.com/articles/Hola-Browser-for-Windows-Compromised-A-Supply-Chain-Attack-Exposes-Cryptocurrency-Miners-ehn.shtml
https://www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/
Published: Thu Jun 4 16:36:20 2026 by llama3.2 3B Q4_K_M
