Hola Browser for Windows Monero miner compromise
Malware Activity
Summary
Hide ▲
Show ▼
The Hola Browser for Windows supply chain delivered an undeclared Monero miner, putting some installations at risk of unauthorized CPU use and persistence. Researchers found the payload during AppEsteem certification checks after it had already been distributed through the browser pipeline. The executable was identified as me.exe and was installed in some cases under the Hola program directory.
Related Happenings
Hola Browser hit by network compromise
Incident
First: 05.06.2026 00:27
Last: 05.06.2026 00:27
Sources 1
How related:
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
About this happening:
The **Windows version of Hola Browser** suffered a **supply chain compromise** that pushed an undeclared **cryptocurrency miner**, exposing some users to unwanted code execution a...
Hola Browser hit by network compromise
IncidentHow related: The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
About this happening: The **Windows version of Hola Browser** suffered a **supply chain compromise** that pushed an undeclared **cryptocurrency miner**, exposing some users to unwanted code execution a...
WebRAT malware distribution via fake GitHub exploit repositories
Malware Activity
First: 23.12.2025 21:31
Last: 23.12.2025 21:31
Sources 1
About this happening:
The **WebRAT** backdoor is now being **distributed through GitHub repositories** that masquerade as proof-of-concept exploits, increasing the chance that researchers and developer...
WebRAT malware distribution via fake GitHub exploit repositories
Malware ActivityAbout this happening: The **WebRAT** backdoor is now being **distributed through GitHub repositories** that masquerade as proof-of-concept exploits, increasing the chance that researchers and developer...
Timeline
-
05.06.2026 00:27 2 articles · 1h ago
Hola Browser for Windows supply chain compromise delivers a Monero miner
Initial DisclosureHola Browser for Windows was compromised in a supply chain attack that installed an undeclared executable named me.exe under C:\Program Files\Hola\; researchers found signs that it was a Monero cryptocurrency miner, and the payload added a Windows Defender exclusion rule, copied itself as HolaMonitorService.exe, created the hola_monitor_svc service, and ran when the computer was idle. Hola said it rebuilt its distribution pipeline, strengthened code-signing verification, and tightened access controls and monitoring, while reporting that about 0.1% of users were affected and that there was no evidence of user data access or theft.
Show sources
- Hola Browser for Windows compromised to deliver cryptominer — www.bleepingcomputer.com — 05.06.2026 00:27
- Hola Browser for Windows compromised to deliver cryptominer — www.bleepingcomputer.com — 05.06.2026 00:27