1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

uTorrent silently installing bundled Bitcoin mining software - Anyone see this yet?

Discussion in 'BlackHat Lounge' started by sashablack, Mar 6, 2015.

  1. sashablack

    sashablack Elite Member

    Joined:
    Jan 8, 2010
    Messages:
    3,697
    Likes Received:
    2,059
    Gender:
    Male
    • Thanks Thanks x 2
  2. veboo

    veboo Jr. VIP Jr. VIP

    Joined:
    Aug 22, 2014
    Messages:
    1,096
    Likes Received:
    678
    That's why I use Bit-torrent :D
     
  3. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,029
    Likes Received:
    3,205
    Location:
    Hell
    Home Page:
    Not only utorrent But most of the software like desktop captures also doing this. Its hard to detect them for normal user.
     
  4. thebomb

    thebomb Junior Member

    Joined:
    Apr 18, 2011
    Messages:
    118
    Likes Received:
    25
    Won't an antivirus software find this? Normally a software needs permission to install additional features. If it's incorporated within the software itself, then shut down the software when not in use, though if you KNOW that they are installing it, uninstall it.

    Curious how much they would make if they installed on 100k computers.
     
  5. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    6,954
    Likes Received:
    7,984
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    yea, just read this, latest utorrent versions suck anyway

    there was an option during installation to opt-out, the tricky thing that the litecoin miner was already ticked, if you didn't remove the tick, the software was installed
     
  6. spmcnerd

    spmcnerd Regular Member

    Joined:
    Dec 20, 2010
    Messages:
    310
    Likes Received:
    107
    "
    Christian Averill, a spokesperson for BitTorrent, which owns ĀµTorrent, said that the company takes “claims of silent installs very seriously” and noted that anyone installing this “is accepting the offer separately from our software. These are strictly opt-in.”

    “I mean with every install you make, you need to look at what you're clicking on and be mindful of that,” he said. “There's a clear accept, do not accept tab.”"
     
  7. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    6,954
    Likes Received:
    7,984
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    he's right though and utorrent isn't the only software which does this, here's java for instance, which is much more widely used, if you don't untick the ask default search/browser addon, it will be installed, because it's ticked by default, although it's not a cryptocurrency miner, but the same principle
     
  8. V

    V Elite Member

    Joined:
    May 18, 2012
    Messages:
    2,254
    Likes Received:
    2,579
    Occupation:
    Student
    Location:
    /tmp
    They are not the only one preying on the ignorant users, a lot of others are doing the same. I always uncheck useless bundled softwares, but after reading the article I am a bit worried. Who knows what they installed in the background without our permission. :(
     
  9. sagarbest

    sagarbest Senior Member

    Joined:
    Dec 27, 2008
    Messages:
    851
    Likes Received:
    306
    Occupation:
    Online Marketing
    Location:
    Technology World
    Yes I recently update it and got something epic scale. I instantly uninstalled it.
     
  10. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,484
    Likes Received:
    1,172
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    Thanks for highlighting this sashablack. I suspect most people will imagine a scenario where uTorrent has specifically exploited something here, but this is most likely a situation where those users failed to un-tick the boxes for those optional software additions. It is very unlikely uTorrent themselves would put themselves in the situation of un-attended and unauthorized installations given the experience several years ago of a number of major PPI players. They would lose a lot more than they would gain.

    However, I can imagine some scenarios where somebody else packaged uTorrent with their own silent installation of a crypto-currency miner such as Epic Scale. Sounds like something somebody from here would dream up.
     
  11. akacash

    akacash Jr. VIP Jr. VIP

    Joined:
    Jan 16, 2010
    Messages:
    839
    Likes Received:
    618
    Location:
    The Beach, USA
    Source: http://gizmodo.com/your-torrent-client-might-be-mining-bitcoin-without-tel-1689852069

    As far as what they're makign, lol, it can't be that much. I understand that a lot of people use uTorrent, but the idea that you're going to CPU mine against Bitcoin is funny. The network hashrate, mixed with how slow CPU mining is to begin with makes this an almost useless add-on. I would love to see how much they've actually made from this, it can't be very much.
     
    • Thanks Thanks x 1