500M Avira Antivirus Users Introduced to Cryptomining – Krebs on Security

Many readers were recently surprised to learn that the popular Norton 360 The antivirus suite now includes a program that allows customers to earn money by mining virtual currency. But Norton 360 is not alone in this dubious endeavor: Avira antivirus, which has built a 500 million user base around the world, largely by making the product free, was recently purchased by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.

Avira Crypto

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for its Avira Free Security (also known as Avira Free Antivirus). In January 2021, Avira was acquired by Arizona-based Tempe. NortonLifeLock Inc., the same company that now owns Norton 360.

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.

Like Norton 360, Avira comes with a cryptominer already installed, but customers must choose to use the service that powers it. Avira’s frequently asked questions about its crypto mining service are somewhat rare. For example, it doesn’t specify how much NortonLifeLock gets from the deal (NortonLifeLock takes 15 percent of any cryptocurrency mined by Norton Crypto).

“Avira Crypto allows you to use your computer’s downtime to mine Ethereum (ETH) cryptocurrency,” the FAQ section explains. “Since crypto mining requires a high level of processing power, it is not suitable for users with an average computer. Even with supported hardware, mining cryptocurrency on your own can be less rewarding. Your best bet is to join a mining pool that shares the power of your computer to improve your chances of mining crypto. The rewards are then distributed evenly among all group members. “

NortonLifeLock has not yet responded to requests for comment, so it is unclear if Avira uses the same cryptocurrency mining code as Norton Crypto. But there are clues that suggest that is the case. NortonLifeLock announced Avira Crypto at the end of October 2021, but many other antivirus products have flagged the Avira installer as malicious or insecure for including a cryptocurrency since September 9, 2021.

Avira was detected as potentially unsafe for including a cryptocurrency in September 2021. Image: Virustotal.com.

The above screenshot was taken from Virustotal.com, a Google-owned service that scans submitted files against dozens of antivirus products. The detection report shown in the image was found by searching Virustotal for “ANvOptimusEnablementCuda”, a feature included in the Norton Crypto mining component “Ncrypt.exe”.

Some long-time Norton customers took to the NortonLifeLock online forum to express their horror at the prospect of their antivirus product installing coin mining software, regardless of whether the mining service was disabled by default.

“Norton should DETECT and end cryptocurrency mining hijacking, not install its own,” read a Dec. 28 thread on Norton’s forum titled “Absolutely Furious.”

Others have charged that the crypto offering will end up costing customers more in electricity bills than they could hope to get from letting their antivirus mine ETH. Additionally, there are steep fees involved in moving any ETH mined by Norton or Avira Crypto to an account that the user can withdraw, and many users apparently don’t understand that they can’t withdraw money until they at least earn enough ETH to cover the fees.

In August 2021, NortonLifeLock said it had reached an agreement to acquire Avast, another long-standing free antivirus product that also claims to have around 500 million users. It remains to be seen if Avast Crypto will be NortonLifeLock’s next brilliant offering.

As mentioned in this week’s story on Norton Crypto, I understand that participation in these crypto mining schemes is voluntary, but a lot of that ultimately depends on how these crypto programs are launched and whether users really understand what they are. doing when they enable them. But what bothers me the most is that they will introduce hundreds of millions of internet users, perhaps less intelligent, to the world of cryptocurrencies, which comes with its own set of unique security and privacy challenges that require users to “level” their personal safety practices in quite significant ways.

Leave a Comment