Many users install an antivirus to protect themselves from cryptomining malware, such as KryptoCibule, which silently hijacks system resources and uses them to mine various cryptocurrencies.
The users of Norton 360 don’t have to wait for cryptominers to infect their computers because the company behind the popular antivirus software has generously included one with the application.
Called Norton Crypto, the cryptomining tool has been available in Norton 360 since June 2021, allowing users to painlessly mine Ether, the native cryptocurrency of Ethereum.
“As the crypto economy continues to become a more important part of our customer’s lives, we want to empower them to mine cryptocurrency with Norton, a brand they trust” explained Vincent Pilette, CEO of NortonLifeLock, the company that owns the Norton product line. “Norton Crypto is yet another innovative example of how we are expanding our Cyber Safety platform to protect our customer’s ever-evolving digital lives”.
However, not all users of Norton 360 welcome this innovation, and some have already canceled their subscriptions to put some weight behind their disapproval of the new feature. One common complaint users have is that the presence of a cryptominer could make them juicy targets in the eyes of cybercriminals, who have been actively going after cryptocurrency owners ever since Bitcoin became a well-known name.
While the feature is turned off by default and can be enabled only on computers that meet certain hardware requirements (the presence of a capable NVIDIA graphics card is one of them), it’s not exactly easy to remove it entirely. To do that, it’s necessary to temporarily disable the tamper protection feature Norton 360 uses to prevent malware from disabling it.
What’s more, Norton Crypto is a blatant cash grab because it charges a fee of 15% in addition to the cost of Ethereum’s transaction fees. To put the number into perspective, most other Ethereum mining pools, which anyone can join without much effort, charge just 1 or 2%.
Clearly, someone at NortonLifeLock has decided to pursue what they must believe is a terrific opportunity to join the cryptomining mania, and they’re willing to see how their user base will react.
LastPass Has Revealed Yet Another Security Breach
It’s been revealed that the popular password manager was hacked using intel gained from a previous August 2022 attack.
The CEO of LastPass, Karim Toubba, has revealed that the leading password manager has suffered another serious data breach. Toubba said that LastPass engineers detected unusual activity from a third-party cloud storage service in August 2022 — a service shared with parent company GoTo, which readers may remember by its former name of LogMeIn.
Security firm Mandiant was hired to investigate the suspicious incident, and together, they uncovered that the unauthorized person(s) gained access to LastPass cloud services using information obtained from a previous security breach in August of this year. The latest incident is thought to be rather serious, giving the criminal party access to “certain elements” of customer information.
When the password manager’s systems were breached back in August, Toubba says that after an investigation, the unauthorized party was found to have had internal access to LastPass systems for four days. The hacker was able to steal source code and some technical information, but security engineers said customer data and password vaults remained safe.
In a separate but related announcement, parent company GoTo has admitted that hackers gained entry into its own development environment of remote work tools. Echoing the statement from LastPass, GoTo has assured customers that its services are functioning fine despite the data breach. Both LastPass and its parent company are still investigating the scope of the incidents, and we’ll likely hear more details over the coming months.