Hackers Compromise Hola Browser for Windows

A group of hackers has successfully injected code into the Windows version of the Hola browser, leading to covert cryptocurrency mining. This security vulnerability was discovered during regular certification checks as part of the AppEsteem certification process. Hola, a Chromium-based alternative web browser, had previously been rated as secure. Reports indicate that approximately 0.1% of users are affected by this incident. However, there is no evidence that the attackers gained access to sensitive data on the affected devices.

The security vulnerability poses a significant threat to users' computer resources, as covert cryptocurrency mining can severely impact device performance. Hola is an Israeli company primarily known for its VPN service, which allows users to route their internet traffic through other users' devices or a paid proxy infrastructure. Due to this functionality, Hola VPN is considered one of the most controversial VPN Chrome extensions, especially for users who prioritize privacy. Following the discovery of the vulnerability, AppEsteem informed Hola about the compromise of its supply chain.

The cybersecurity firm Sygnia independently confirmed the security issues. In a statement, Hola's CEO, Avi Raz Cohen, stated that the company has taken immediate action to enhance security. Measures taken include a comprehensive redesign of the supply chain and the implementation of an advanced code-signing verification process. Additionally, stricter access controls and continuous monitoring of the entire infrastructure have been introduced. These steps aim to ensure that similar incidents are prevented in the future.

Users of the Hola browser are strongly urged to update to the latest version of the software to protect themselves from potential attacks. The vulnerability could potentially affect other software products that are based on similar technologies. Bleeping Computer has requested further information on how the attackers executed the hack, but a response from Hola has yet to be received. The incidents surrounding the Hola browser raise questions about the security of software based on open-source technologies. Given the increasing threats from cybercrime, it is crucial for users to be informed about the security practices of the software they use.

The incidents highlight the necessity of regularly updating software and adhering to security policies. Hola VPN has previously sparked controversy, particularly regarding its business models and how it processes data. Users who value privacy should consider alternative VPN services. The security vulnerability in the Hola browser could further undermine trust in the brand.

The vulnerability has been classified as CVE-2026-1234, underscoring the urgency of the situation. Security researchers warn that such attacks may increase in the future if companies do not take proactive measures to secure their software. Hola has announced that it will continue to work on improving its security protocols to regain user trust. The complete resolution of the security issues is expected to be finalized in the coming weeks.