The booming Bitcoin price is driving rogue software firms to embed mining functions inside apparently innocent tools that come with End User Licence Agreements (EULAs) legitimising the behaviour, security firm Malwarebytes has warned.
The firm said it had recently received a report on the ‘Your Free Proxy’ tool distributed by US outfit We Build Toolbars LLC which had been consuming 50 percent system resources on one user’s PC.
A closer look revealed that the tool been installed with the hidden Bitcoin miner ‘jhProtomine’, a fact that was cheekily referenced in its catch-all EULA.
“COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates,” read the key EULA paragraph.
Bitcoin mining of this type is not new but the tactic of embedding the permission inside a EULA is still novel. Malwarebytes classifies the program as a Potentially Unwanted Programme (a PUP), a long-established form of software annoyance where users get a lot more than they bargained for, usually in the form of interference to their browser settings.
In the past largely employed by small US-based firms, the PUP tactic has fallen out of favour in the face of the wave of aggressive East European malware that has made it almost impossible to install anything with suspicion being raised.
However, until the US authorities stamp down on it Bitcoin mining might temporarily rejuvenate the category.
“In my opinion, PUPs have gone to a new low with the inclusion of this type of scheme, they already collected information on your browsing and purchasing habits with search toolbars and redirectors,“ said Malwarebytes researcher, Adam Kujawa.
“They assault users with pop-up ads and unnecessary software to make a buck from their affiliates. Now they are just putting the nails in the coffin by stealing resources and driving user systems to the grave.”
Malwarebytes’ message is to expect more where this came from, at least as long as the surge in the value of Bitcoins continues. Bitcoins are also designed to get more difficult to mine over time which could be driving the demand to distribute the workload across botnets of slave computers.
There is hard evidence that the criminal underworld sees Bitcoin mining as an interesting sideline. Last week, a security firm discovered a version of the Atrax malware kit with a module capable not only of mining the currency behind the user’s back but stealing it from digital wallets.