500 million Avira Antivirus users introduced to cryptomining – Krebs on Security

Many readers have been surprised recently to learn that the popular Norton 360 antivirus suite now comes with a program that allows customers to earn money by mining virtual currency. But Norton 360 is not alone in this dubious endeavor: Avira antivirus, which has built a base of 500 million users worldwide largely by making the product free, was recently purchased by the same company that owns Norton 360 and presents its customers with a service called Avira Crypto.

Avira Crypto

Founded in 2006, Avira Operations GmbH & Co. KG is a German multinational software company known for its Avira Free Security (aka Avira Free Antivirus). In January 2021, Avira was acquired by Tempe, Arizona-based NortonLifeLock Inc., the same company that now owns Norton 360.

In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed NortonLifeLock in 2019. LifeLock is now included in the Norton 360 service; Avira offers users a similar service called Breach Monitor.

Like Norton 360, Avira comes with a cryptominer already installed, but customers must opt in to the service that powers it. Avira’s FAQ on its cryptomining service is somewhat sparse. For example, it doesn’t specify how much NortonLifeLock takes from the deal (NortonLifeLock keeps 15% of any cryptocurrency mined by Norton Crypto).

“Avira Crypto allows you to use your computer’s idle time to mine Ethereum (ETH) cryptocurrency,” the FAQ explains. “Because cryptomining requires high processing power, it is not suitable for users with an average computer. Even with compatible hardware, mining cryptocurrency on your own can be less rewarding. Your best option is to join a mining pool that shares their computing power to improve their chances of mining cryptocurrency. The rewards are then distributed evenly to all pool members.”

NortonLifeLock has yet to respond to requests for comment, so it’s unclear whether Avira uses the same cryptomining code as Norton Crypto. But there are clues that suggest it does. NortonLifeLock announced Avira Crypto at the end of October 2021, but several other antivirus products flagged the Avira installer as malicious or dangerous for including a cryptominer as early as September 9, 2021.

Avira was detected as potentially dangerous for including a cryptominer in September 2021.

The above screenshot was taken from Virustotal, a Google-owned service that scans submitted files against dozens of antivirus products. The detection report shown was found by searching Virustotal for “ANvOptimusEnablementCuda”, a feature included in the Norton Crypto mining component “Ncrypt.exe”.

Some long-time Norton customers have taken to the NortonLifeLock online forum to express their horror that their antivirus product will install coin mining software, whether or not the mining service is disabled by default.

“Norton should DETECT and eliminate crypto-mining hijacking, not install theirs,” read a December 28 discussion thread on Norton’s forum titled “Absolutely Furious.”

Others have claimed that the crypto offering will end up costing customers more in electricity bills than they could ever hope to earn by letting their antivirus mine ETH. Additionally, there is a high fee to transfer any ETH mined by Norton or Avira Crypto to an account that the user can cash out from, and many users apparently don’t understand that they can’t cash out until they have at least earned enough ETH to cover the costs.

In August 2021, NortonLifeLock announced that it had entered into an agreement to acquire Avast, another long-standing free antivirus product that also claims to have around 500 million users. It remains to be seen whether Avast Crypto will be NortonLifeLock’s next brilliant offering.

As mentioned in this week’s Norton Crypto article, I understand that participation in these cryptomining programs is voluntary, but a lot of it ultimately depends on how these crypto programs are presented and whether users really understand what they are doing when they activate them. But what bothers me the most is that they will introduce hundreds of millions of perhaps less savvy internet users to the world of cryptocurrency, which has its own set of unique security and privacy challenges that require users to “improve” their personal security practices in fairly important ways.