Hola, Hola VPN users, you may have been part of a botnet!

Stefanie Smith, 19 June 2015

Hola, Hola VPN users, you may have been part of a botnet!

VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:

  • allows Hola users to use each others’ bandwidth
  • sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
  • and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.

If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.

The service, which can be downloaded either as an app or as a browser extension, is a peer-to-peer network that allows people to use other Hola users’ bandwidth to anonymize their browsing activities and to circumvent geo-restricted content.

Hola_logo_blackWhat many users did not realize is that they were essentially exit nodes and other Hola users could use their bandwidth to carry out illegal activity, like accessing child pornography.

Additionally, Hola sells its users’ bandwidth to its sister company, Luminati. Prior to the end of May, Hola did not mention Luminati on its website. Luminati’s premium service, which was originally advertised as being an anonymization network, uses Hola’s users as nodes to redirect traffic through. Hola’s connection to Luminati was exposed after a Luminati client launched a DDOS attack on 8chan, using Hola’s network (users) as a botnet.

Researchers at Vectra, a security company that identifies cyber attacks, dug a little deeper and discovered that Hola can also download and install additional software without the user’s knowledge and can install and run code without the user’s knowledge as well. Furthermore, Vectra found that Hola contains a built in console, “zconsole”. Zconsole allows direct human interaction with an Hola node even when Hola is not being actively used by a user. With access to the console an attacker could, as Vectra points out, “accomplish almost anything” and launch a large and targeted attack.

What we can learn from this

There is one main lesson people should learn from the Hola situation: research the products you download and use.

What many people may not have been aware of in this situation was how their bandwidth could be abused by fellow Hola users and how much control Hola had. A VPN helps you to anonymize all of your browsing activities – and to access content in geo-restricted regions by redirecting it through other servers. This can, for example, be useful if you travel or live abroad and want to access content from your home country.

What you should research before choosing a VPN service

Before deciding which VPN service to use, research the VPN provider and make sure the provider you choose is trustworthy. Find out what methods they use. If they use servers to redirect traffic through, make sure you know who owns the servers, what they do with the data that flows through the servers and whether or not they keep your data or sell it to third parties.

Avast for example, offers free antivirus, but our Avast SecureLine VPN is a premium service. We charge for our VPN services, because we pay extra to own and maintain servers around the world to redirect traffic through. We do not log the data that flows via our VPN services.

Know how much control your VPN service really has Hola is available as an app and browser extension and as mentioned above, Vectra found that Hola is able to do a lot more than just redirect your traffic. Hola can download and run additional code through your browser, without your knowledge. Browser extensions in general have immense control over your browser that most users may not be fully aware of.

“Browser extensions can see everything you see in your browser, as well as everything you type in your browser, including passwords. Untrustworthy browser extension vendors can easily misuse this data and it is therefore extremely important that users be careful when choosing which browser extensions to install. On top of that, browser extensions can also manipulate search results and slow down your browser.” Thomas Salomon, head of Browser Cleanup product development at Avast.

What you should do before downloading a browser extension

When deciding on whether or not you should download a browser extension, you should also first make sure the extension comes from a reliable and trusted source, read both professional and user reviews about the extension and read the extensions terms and conditions before downloading it.

What you should do if you have a bad extension installed on your browser If you are worried that you may have malicious extensions (they are often added when installing an otherwise legitimate program without you even noticing) installed on your browser or have an extension that is difficult to remove, you should run Avast Browser Cleanup. Avast Browser Cleanup is a tool that removes malicious and poorly rated add-ons and restores your browser to its initial and clean state. Avast Browser Cleanup is included in Avast and is now also available as a stand-alone product.

Keeping your browsing safe

Our browsing information is extremely valuable: we bank online, keep in touch with our loved ones via email and social media, search for everything under the sun on the Internet. Piece all this information together and you have someone’s complete identity, not something you want to hand over to just anyone.

VPNs and browser extensions, like Hola, become dangerous the minute they abuse their power, without openly informing their users of what they are doing. It is therefore vital that you are aware of what software you have installed on your computer and what extensions you have installed on your browser to keep your private information private.

Related articles