Some software small print includes permission to install a Bitcoin miner on machines
A piece of Bitcoin mining software has been thrust on to users’ machines and apparently made legal by including a permission to suck up compute power in the end user licence agreement (EULA).
Described as a potentially unwanted program (PUP), the Bitcoin miner appears to be downloaded alongside browser software from an organisation known as Mutual Public, or We Build Toolbars.
According to a file dug up by Malwarebytes, the EULA says that “as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security”. “Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates,” it adds.
Malwarebytes traced a “monitor.exe” file back to Mutual Public, discovering that it was downloading the Bitcoin miner from a remote server.
Bitcoin miners carry out the difficult mathematical problems required to unlock new Bitcoins. Crooks like to install Bitcoin miners on users’ systems and building significant-sized botnets, but it appears some have started to legitimise the process using EULAs.
“In my opinion, PUPs have gone to a new low with the inclusion of this type of scheme, they already collected information on your browsing and purchasing habits with search toolbars and redirectors,” said Adam Kujawa, lead malware intelligence analyst at Malwarebytes, in a blog post.
“Already assaulted users with pop-up ads and unnecessary software to make a buck from their affiliates. Now they are just putting the nails in the coffin by stealing resources and driving user systems to the grave.”
Bitcoin hit fresh highs last week, as the value for 1 BTC shot up over the $1000 mark.
What do you know about Bitcoin? Take our quiz!