Researchers at Malwarebytes have discovered that some programs covertly install Bitcoin-mining software on users’ computers, papering over the practice by including sneaky language in their license agreements allowing for “computer calculations, security.”
The malicious programs include YourFreeProxy from Mutual Public, AKA We Build Toolbars, LLC, AKA WBT. YourFreeProxy comes with a program called Monitor.exe, which repeatedly phones home to WBT, eventually silently downloading and installing a Bitcoin mining program called “jhProtominer.”
So now that we have proof that a PUP is installing miners on users systems, do they do it without ever letting the user know? Well not exactly, their EULA specifically covers a section on Computer Calculations:
COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.
Their explanation is basically the purpose of Bitcoin Miners and that they will install this software on the system, run it, use up your system resources and finally keep all rewards from the effort YOUR system puts in. Talk about sneaky.
In my opinion, PUPs have gone to a new low with the inclusion of this type of scheme, they already collected information on your browsing and purchasing habits with search toolbars and redirectors. They assault users with pop-up ads and unnecessary software to make a buck from their affiliates. Now they are just putting the nails in the coffin by stealing resources and driving user systems to the grave.