Hola Browser Compromised in Supply Chain Attack, Delivered Cryptocurrency Miner

The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified as a Monero cryptocurrency miner. The compromise was uncovered during periodic certification checks by AppEsteem. Sophos and other cybersecurity firms found an unsigned, obfuscated executable named 'me.exe' installed under C:\Program Files\Hola\. The miner adds a Windows Defender exclusion rule, copies itself as 'HolaMonitorService.exe', creates a service 'hola_monitor_svc', and activates when the system is idle. Hola confirmed the supply chain compromise, stating that only about 0.1% of users were affected and no user data was accessed. The company has since rebuilt its distribution pipeline and implemented stricter code-signing and access controls. The incident highlights risks in software supply chains and the importance of integrity checks.

Key facts

  • Hola Browser Windows version compromised in supply chain attack.
  • Undisclosed executable 'me.exe' identified as Monero cryptocurrency miner.
  • Miner adds Windows Defender exclusion and runs as a service when idle.
  • Hola confirms incident, says 0.1% of users affected with no data breach.
  • Company rebuilt distribution pipeline and tightened code-signing controls.
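
A host triage check for the artifacts named above, as an added example (not code from Hola, Sophos or AppEsteem). It assumes the copied HolaMonitorService.exe sits under the Hola install directory and that the Defender exclusion references Hola or me.exe; the article states neither. Run it from an elevated PowerShell session so the Defender exclusions are readable.

```powershell
# Added example: triage a Windows host for the artifacts named in the article.
$installDir = 'C:\Program Files\Hola'               # from the article
$fileNames  = 'me.exe', 'HolaMonitorService.exe'    # from the article
$svcName    = 'hola_monitor_svc'                    # from the article
$exclRegex  = 'hola|(^|\\)me\.exe$'                 # assumption: exclusion target is not stated
$findings   = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Type, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
}

# 1. Named executables, with signature status and hash for later comparison.
#    Assumption: the HolaMonitorService.exe copy is under the install directory.
if (Test-Path -LiteralPath $installDir) {
    Get-ChildItem -Path $installDir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $fileNames -contains $_.Name } |
        ForEach-Object {
            $sig  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Add-Finding 'File' $_.FullName "Signature=$sig SHA256=$hash"
        }
}

# 2. The service the miner registers, with the binary it points at.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'" -ErrorAction SilentlyContinue
if ($svc) {
    Add-Finding 'Service' $svc.Name "State=$($svc.State) StartMode=$($svc.StartMode) Path=$($svc.PathName)"
}

# 3. Defender exclusions that match the assumed pattern (elevation needed to read them).
$pref = Get-MpPreference -ErrorAction SilentlyContinue
if ($pref) {
    (@($pref.ExclusionPath) + @($pref.ExclusionProcess)) |
        Where-Object { $_ -and $_ -match $exclRegex } |
        ForEach-Object { Add-Finding 'DefenderExclusion' $_ 'Review who added this and when' }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'None of the article''s indicators were found on this host.' }
```

A clean result only covers the three artifact types the article names; it does not establish that the installed build is the vendor's intended one.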