If following the spate of recent blocks here in the UK, you’ve been looking for alternative ways to visit your favourite torrent site, you may have made use of YourFreeProxy, a toolbar that provides a simple way of circumventing any government sanctioned censorship. However, it turns out that “the most trusted proxy service,” in the world, is actually far more nefarious, as it’s been secretly installing a bitcoin miner on users’ PCs.
This was discovered and outed by the fine folks over at MalwareBytes, after one of its users reported a 50 per cent increase in CPU usage after installing the toolbar. Upon closer inspection, it turned out that jh1d.exe had been gobbling up a lot of system resources. This file turned out to be the executable for jhProtominer, a popular bit of mining software. This was all controlled by monitor.exe, which was created by Mutual Public, a company that it turns out, also owns YourFreeProxy.
The ballsiest part of this whole thing, is that YourFreeProxy actually tells you it’s going to do this in its Terms and Conditions, but does it with deliberately vague language: “COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.”
Essentially, that breaks down to: ‘we can install a miner on your PC and take all the profits from it, without compensating you for the fact that your hardware will then have a shorter lifespan.’
MalwareBytes has now updated its software so a quick scan will usually find this issue and give you the option to permanently remove it.
KitGuru Says: Do any of you use YourFreeProxy and if so, has your PC been running a bit slow recently?