https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ Advertisement [9] Advertisement [10] Krebs on Security Skip to content * Home * About the Author * Advertising/Speaking 500M Avira Antivirus Users Introduced to Cryptomining January 8, 2022 12 Comments Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide largely by making the product free -- was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto. [aviracrypto] Avira Crypto Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock Inc., the same company that now owns Norton 360. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor. Like Norton 360, Avira comes with a cryptominer already installed, but customers have to opt in to using the service that powers it. Avira's FAQ on its cryptomining service is somewhat sparse. For example, it doesn't specify how much NortonLifeLock gets out of the deal (NortonLifeLock keeps 15 percent of any cryptocurrency mined by Norton Crypto). "Avira Crypto allows you to use your computer's idle time to mine the cryptocurrency Ethereum (ETH)," the FAQ explains. "Since cryptomining requires a high level of processing power, it is not suitable for users with an average computer. Even with compatible hardware, mining cryptocurrencies on your own can be less rewarding. Your best option is to join a mining pool that shares their computer power to improve their chance of mining cryptocurrency. The rewards are then distributed evenly to all members in the pool." NortonLifeLock hasn't yet responded to requests for comment, so it's unclear whether Avira uses the same cryptomining code as Norton Crypto. But there are clues that suggest that's the case. NortonLifeLock announced Avira Crypto in late October 2021, but multiple other antivirus products have flagged Avira's installer as malicious or unsafe for including a cryptominer as far back as Sept. 9, 2021. [avira-vt] Avira was detected as potentially unsafe for including a cryptominer back in Sept. 2021. Image: Virustotal.com. The above screenshot was taken on Virustotal.com, a service owned by Google that scans submitted files against dozens of antivirus products. The detection report pictured was found by searching Virustotal for "ANvOptimusEnablementCuda," a function included in the Norton Crypto mining component "Ncrypt.exe." Some longtime Norton customers took to NortonLifeLock's online forum to express horror at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default. "Norton should be DETECTING and killing off crypto mining hijacking, not installing their own," reads a Dec. 28 thread on Norton's forum titled "Absolutely furious." Others have charged that the crypto offering will end up costing customers more in electricity bills than they can ever hope to gain from letting their antivirus mine ETH. What's more, there are hefty fees involved in moving any ETH mined by Norton or Avira Crypto to an account that the user can cash out, and many users apparently don't understand they can't cash out until they at least earn enough ETH to cover the fees. In August 2021, NortonLifeLock said it had reached an agreement to acquire Avast, another longtime free antivirus product that also claims to have around 500 million users. It remains to be seen whether Avast Crypto will be the next brilliant offering from NortonLifeLock. As mentioned in this week's story on Norton Crypto, I get that participation in these cryptomining schemes is voluntary, but much of that ultimately hinges on how these crypto programs are pitched and whether users really understand what they're doing when they enable them. But what bugs me most is they will be introducing hundreds of millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to "level up" their personal security practices in fairly significant ways. This entry was posted on Saturday 8th of January 2022 01:05 PM A Little Sunshine AVAST! Avira Crypto cryptomining Norton 360 Norton Crypto NortonLifeLock Post navigation - Norton 360 Now Comes With a Cryptominer 12 thoughts on "500M Avira Antivirus Users Introduced to Cryptomining " 1. M January 8, 2022 Just to clarify - in Nov 2019 Broadcom acquired the Enterprise business of Symantec. What's left was renamed to NortonLifeLock. Symantec is still alive as a group under Broadcom Software Group Reply - 2. robin January 8, 2022 krebsonsecurity.com did not encrypt this message Why? Reply - 3. CyberCPA January 8, 2022 Brian, could you do one of your occasional advice columns on best approaches for users without IT departments to replace these crypto-mining featured -malware programs? Reply - 1. BrianKrebs Post authorJanuary 8, 2022 Yes. Remove them and turn on Windows Defender. Reply - 4. Ben Hyde January 8, 2022 Is this sponsored by the local electric companies? Since, I suspect any income generated is less than the cost of electricity? Reply - 1. Wouldnt January 8, 2022 Are you American by any chance? Reply - 5. ReadandShare January 8, 2022 Corporate greed: a world-wide race to the bottom! Reply - 6. John January 8, 2022 Massive lawsuit coming to Norton and Avira. You can't just use someone's resources to mine crypto regardless if there's an option to opt-out. This is theft and they will pay for it. Reply - 7. schustet January 8, 2022 Make sure you answer the IRS crypto question correctly now that you are receiving crypto: "At any time during the tax year, did you receive, sell, exchange or otherwise dispose of any financial interest in any virtual currency?" Reply - 8. John Mac January 8, 2022 What I find interesting is that Lifelock acquired a company called ID Analytics who had some really sweet proprietary tech which we used to identify possible breaches of PII. But within 2 years of being under Lifelock control, most of the people we had contact with, sales, support and engineers, had left the company. Seems life under LifeLock control and their plans for how to use the tech were a problem for staff. Fair enough, new boss makes the rules. We also ended up not renewing our contract with ID Analytics/LifeLock, lost confidence as LifeLock had so many run ins with oversight agencies. Plus off the record comments of ex-employees of ID Analytics regarding the new employers business views raised concerns over trust. So the tendency to acquire a company and mess it up was continued when Symantec bought LifeLock. So while surprised at this whole turn of events I'm kind of not surprised. LifeLock was a toxic company that made money, bought a good organization that it spoiled even it attracted more of the same toxicity. Reply - Leave a Reply Cancel reply Your email address will not be published. Required fields are marked * [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment [ ] Name * [ ] Email * [ ] Website [ ] [Post Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Advertisement [6] Advertisement Mailing List Subscribe here Search KrebsOnSecurity Search for: [ ] [Search] Recent Posts * 500M Avira Antivirus Users Introduced to Cryptomining * Norton 360 Now Comes With a Cryptominer * Happy 12th Birthday, KrebsOnSecurity.com! * NY Man Pleads Guilty in $20 Million SIM Swap Theft * Microsoft Patch Tuesday, December 2021 Edition Spam Nation Spam Nation A New York Times Bestseller! Thinking of a Cybersecurity Career? Thinking of a Cybersecurity Career? Read this. All About Skimmers All About Skimmers Click image for my skimmer series. Story Categories * A Little Sunshine * All About Skimmers * Ashley Madison breach * Breadcrumbs * Data Breaches * DDoS-for-Hire * Employment Fraud * How to Break Into Security * Latest Warnings * Ne'er-Do-Well News * Other * Pharma Wars * Ransomware * Security Tools * SIM Swapping * Spam Nation * Target: Small Businesses * Tax Refund Fraud * The Coming Storm * Time to Patch * Web Fraud 2.0 The Value of a Hacked PC valuehackedpc Badguy uses for your PC Badguy Uses for Your Email Badguy Uses for Your Email Your email account may be worth far more than you imagine. Donate to Krebs On Security Most Popular Posts * Sextortion Scam Uses Recipient's Hacked Passwords (1076) * Online Cheating Site AshleyMadison Hacked (798) * Sources: Target Investigating Data Breach (620) * Trump Fires Security Chief Christopher Krebs (534) * Cards Stolen in Target Breach Flood Underground Markets (445) * Reports: Liberty Reserve Founder Arrested, Site Shuttered (416) * Was the Ashley Madison Database Leaked? (376) * DDoS-Guard To Forfeit Internet Space Occupied by Parler (374) * True Goodbye: 'Using TrueCrypt Is Not Secure' (363) * Who Hacked Ashley Madison? (361) Why So Many Top Hackers Hail from Russia [computered-580x389] Category: Web Fraud 2.0 Criminnovations Innovations from the Underground [shreddedID-copy-285x189] ID Protection Services Examined Is Antivirus Dead? Is Antivirus Dead? The reasons for its decline The Growing Tax Fraud Menace The Growing Tax Fraud Menace File 'em Before the Bad Guys Can Inside a Carding Shop Inside a Carding Shop A crash course in carding. Beware Social Security Fraud Beware Social Security Fraud Sign up, or Be Signed Up! How Was Your Card Stolen? How Was Your Card Stolen? Finding out is not so easy. Krebs's 3 Rules... Krebs's 3 Rules... ...For Online Safety. (c) Krebs on Security