Hola Browser hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Windows version of Hola Browser suffered a supply chain compromise that pushed an undeclared cryptocurrency miner, exposing some users to unwanted code execution and persistence. The affected build installed a hidden executable and persistence components on Windows systems. Hola said the issue affected about 0.1% of users and there was no evidence of data access or theft.
Related Happenings
Hola Browser for Windows Monero miner compromise
Malware Activity
First: 05.06.2026 00:27
Last: 05.06.2026 00:27
Sources 1
How related:
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
About this happening:
The **Hola Browser for Windows** supply chain delivered an **undeclared Monero miner**, putting some installations at risk of unauthorized CPU use and persistence. Researchers fou...
Hola Browser for Windows Monero miner compromise
Malware ActivityHow related: The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner.
About this happening: The **Hola Browser for Windows** supply chain delivered an **undeclared Monero miner**, putting some installations at risk of unauthorized CPU use and persistence. Researchers fou...
UNC1069 open-source maintainer social-engineering campaign
Campaign
First: 04.04.2026 23:30
Last: 04.04.2026 23:30
Sources 1
About this happening:
UNC1069's **coordinated social-engineering campaign** against **Node.js and npm maintainers** has widened, with multiple developers reporting the same lure pattern and the potenti...
UNC1069 open-source maintainer social-engineering campaign
CampaignAbout this happening: UNC1069's **coordinated social-engineering campaign** against **Node.js and npm maintainers** has widened, with multiple developers reporting the same lure pattern and the potenti...
Latest development: 06.04.2026 23:55
Security researcher Taylor Monahan and Socket reported that members of the open source software community, including Socket engineers and CEO Feross Aboukhadijeh, were targeted by the same slow-burn LinkedIn, Slack, and Microsoft Teams social engineering playbook used against Axios maintainer Jason Saayman, indicating the campaign was wider than a single Axios compromise.
Timeline
-
05.06.2026 00:27 2 articles · 1h ago
Hola Browser for Windows compromise delivers undeclared Monero miner
Initial DisclosureAppEsteem certification checks and cybersecurity review uncovered an undeclared executable named me.exe in some Windows installations of Hola Browser under C:\Program Files\Hola\. Sophos found signs that the binary was a Monero cryptocurrency miner, including obfuscated code, no timestamp, no digital signature, and behavior that adds a Windows Defender exclusion rule, copies itself as HolaMonitorService.exe, creates the auto-starting service hola_monitor_svc, and runs when the computer is idle. Hola said the supply chain compromise affected about 0.1% of users, with no evidence of user data access, theft, or compromise, and said it rebuilt its distribution pipeline with tighter code-signing verification, access controls, and monitoring.
Show sources
- Hola Browser for Windows compromised to deliver cryptominer — www.bleepingcomputer.com — 05.06.2026 00:27
- Hola Browser for Windows compromised to deliver cryptominer — www.bleepingcomputer.com — 05.06.2026 00:27