Hola says its Windows browser installer was compromised and, in some cases, delivered hidden mining malware to users. AppEsteem certification checks and analysis by Sophos found an undeclared executable, 'me.exe,' installed under the Hola program folder; the binary was unsigned, obfuscated, added a Microsoft Defender exclusion, copied itself as 'HolaMonitorService.exe,' created the 'hola_monitor_svc' Windows service for persistence, and appeared to mine Monero when the PC was idle. Hola said about 0.1% of users were affected and that it rebuilt its distribution pipeline after separately confirming the compromise with Sygnia.
Why it matters: People who installed Hola Browser on Windows may have unknowingly run malware that abuses their computer for cryptocurrency mining and weakens local defenses. Affected users and admins should treat this as urgent: verify installations, look for the named files and service, remove Hola if necessary, and reinstall only from a trusted, verified build.
SecurityWeek News
2026.06.05
69% relevant
The roundup explicitly notes the Hola Browser miner bundling as one of the week’s notable items, reinforcing that compromise as a tracked security event.
Bill Toulas
2026.06.04
100% relevant
This article establishes a distinct supply-chain attack on Hola Browser for Windows, including malware behavior, limited scope claims, and vendor confirmation of the compromise.
← Back to all stories