Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete
Disable anti-tamper features first and you'll be all right
Norton antivirus's inbuilt cryptominer has re-entered the public consciousness after a random Twitter bod expressed annoyance at how difficult it is to uninstall.
The addition of NCrypt.exe, Norton 360's signed cryptocurrency-mining binary, to installations of Norton antivirus isn't new – but it seems to have taken the non-techie world a few months to realise what's going on.
Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock's pitch, as we reported, was that people dabbling in cryptocurrency mining probably weren't paying attention to security – so what better way to take up cryptocurrency mining than installing a miner from a trusted consumer security brand?
In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. While this compares well to the 100 per cent takings that criminals covertly deploying cryptominers help themselves to, some might say it's a bit excessive for minimal effort on Norton's part.
@Norton @TheHackersNews @WIRED @CondeNast @hacks4pancakes @SwiftOnSecurity – Maxius (@mAxius) December 31, 2021
Norton is installing a Cryptocurrency miner called Norton Crypto (NCrypt.exe) on end user systems without so much as a dialogue during the install of its security product.
Other netizens dotted around the web have complained that they find it difficult to uninstall the Norton cryptominer.
We have asked Norton for comment and will update this article when we hear back from the biz. According to the company's FAQ, the function must be activated by the users themselves and requires powerful hardware to meet its system requirements.
The cryptominer is signposted during installation of Norton 360, though given the well-documented phenomenon of folks speedily clicking away EULAs, it's entirely likely non-technical users are unknowingly enabling it and then complaining about suddenly slow-running PCs due to a cryptominer technically running with their permission.
"If you have turned on Norton Crypto, but you no longer want to use the feature, you can disable it through your Norton Crypto dashboard," says the FAQ on Norton's website.
Uninstalling it altogether takes a bit more persistence, it appears, with users needing to disable Norton Product Tamper Protection (intended to protect the antivirus product from being disabled or deleted by malware) before going through the usual Windows uninstallation steps.
Norton isn't alone: last year a maker of Wi-Fi routers offered to mine cryptocurrency on users' devices if they supplied connectivity to the general public. ®
Updated to add at 0857 UTC, 6 January 2022:
Norton has been in touch to say: "Norton Crypto is an opt-in feature only and is not enabled without user permission. If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled through Norton 360 by temporarily shutting off 'tamper protection' (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer."