Third Party Applications Now Come Bundled With Illegal Bitcoin Miners

Third Party Applications Now Come Bundled With Illegal Bitcoin MinersBundling of software and applications with existing software is a common practice. Most of the times end users have no option but to purchase and use the bundle altogether rather than using selective software. However, not all software bundled are genuine and malware free. Some of the software bundled with genuine and cyber secure software are in fact designed to commit cyber crimes and indulge in cyber attacks.

Once the malicious software is installed upon the victim’s computer, the system is compromised and becomes part of a larger network known as Botnet. These Botnets are used for various malicious purposes including launching distributed denial of service (DDOS) attacks, initiating cyber attacks, engaging in click frauds regarding online advertisements, etc.

As per Techienews, Bitcoin miners are being allegedly bundled with third party potentially unwanted programs (PUPs) that come bundled with legitimate applications. This fact has been disclosed by a report issued by Malwarebytes Blog. According to the report third party applications that come bundled with legitimate applications and commonly known as potentially unwanted programs/applications (PUPs/PUAs) now come integrated with Bitcoin miners.

These miners surreptitiously carry out Bitcoin mining operations on the user’s system consuming valuable CPU time without explicitly asking for user’s consent. Because of the extensive mathematical calculations involved, the mining operation consumes a lot of CPU resource and renders the user’s system almost useless for regular operations.

Malwarebytes first came across such an instance of a Bitcoin miner when one of the users of its software requested for assistance on November 22 through a forum post. The user revealed that there was a process named “jh1d.exe” was taking up over 50 percent of the CPU resource and even after manual deletion the executable was re-appearing. The user noted that even when the executable was deleted using “moveonboot to remove it at the next boot” feature of MBM, it “manifests & executes” with a new filename “jh1c.exe”.

“We did some research and found out that the file in question was a Bitcoin Miner known as “jhProtominer”, a popular mining software that runs via the command line”, notes Malwarebytes. Upon further investigation Malwarebytes found that the parent of the Bitcoin miner was “monitor.exe”, a part of YourFreeProxy application, which “beacons out constantly, waiting for commands from a remote server, eventually downloading the miner and installing it on the system.”

Digging deeper into the EULA of the application there is a specific clause 3 titled “WBT Features on the Mutual Public Installer” that reads “COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.”

These computer calculations imply Bitcoin mining operation and the clause means that the company behind the software can and will install Bitcoin miners and use system resources to perform operations as required to mine Bitcoins and keep the rewards for themselves.

The Indian Information Technology Act, 2000 makes such act illegal and punishable. Further, the very use of Bitcoins in India is doubtful. Many Bitcoins enthusiastics wonder whether use and dealing in Bitcoins legal or illegal in India?  There is no straight forward answer to this question but the legality of Bitcoin in India is in doubts. Some regulatory guidance regarding Bitcoins can be obtained from the Indian virtual currency schemes issued by RBI. Nevertheless, Bitcoins, their functionality and legality of use in India is still a grey area.

This entry was posted in Uncategorized. Bookmark the permalink.