Hola Browser for Windows compromised to deliver cryptominer
Summary
The Windows version of the Hola Browser was compromised through a supply chain attack, leading to the delivery of an undeclared cryptocurrency miner. Researchers discovered this malicious payload embedded within the browser's legitimate installation process.
IFF Assessment
FOE
This incident represents a supply chain attack that injects malware into a user's system, posing a direct threat to their security and privacy.
Defender Context
This incident highlights the risks associated with supply chain attacks, where trusted software can be compromised to distribute malware. Defenders should be vigilant about monitoring for unexpected behavior in deployed applications and educate users on the importance of verifying software sources.