Why Is Norton Antivirus Installing Crypto-Mining Software on PCs?

Norton Antivirus has recently come under fire for bundling an Ethereum crypto-miner in its 360° security software. The inclusion of this crypto-miner was first announced in June, 2021, and resurfaced in the cultural zeitgeist this past week. A number of tech media outlets have drawn attention to the software, Norton's financial incentive for pushing crypto-miners, and the ethical gray waters of what amounts to a crypto-mining trojan horse.

Here's What You Need to Know About Norton's Crypto-Mining Software:

Why Is Norton Pushing an Ethereum Crypto Miner?

To contextualize the controversy, it's important to understand why Norton has taken an interest in crypto-mining software, and what the company stands to gain from its inclusion. The idea behind the software is to turn idle computer time into Ethereum. Users can set idle periods on their computers (after work hours, weekend blocks, etc.), during which the mining software runs. This software aggregates the computing power of its users, in an effort to mine a block of Ethereum. If successful, the profits are divided between participating users. These profits are stored in a virtual wallet - set up by Norton - and can be cashed out via Coinbase once a minimum threshold is met. While traditional pooling software typically charges a 1-2% commission fee, Norton is claiming 15% of the profits. This is on top of the initial software cost. Norton is pitching the software as an alluring stream of passive income (at the time of writing a block of Ethereum is valued at $7,137.41), that also supports the company's bottom line.

Socialimage_Datasheets_Cybersecurity Checklist for SMBs

Is Norton's Crypto Miner Putting Your Computer at Risk?

While users are certainly being gouged on price, Norton's app NCrypt.exe won't mine without express permission. Users need to opt in and not all computers can run the software. That said, Norton does not make it clear during the initial setup process that a crypto-miner is being included. They also have plans to expand their mining suite - adding other currencies in the coming months. Norton's financial incentives are considerable, so it's more important to remain an informed end-user of their products. Here are our recommendations:

  1. Read End-User License Agreements - take the time to review all EULAs that apply to you, or your company. You need to know if unexpected programs are being nested in software.
  2. Audit Your Vendors - Norton is a big company, with a wide user base and a comparatively large amount of visibility. It's important to review any and all vendors you may be using, especially those with smaller user bases and comparatively less oversight. 
  3. Talk to Your IT Team - when it comes to issues of shadow IT, governance, and compliance, you don't want to take any chances with software. Talk to your IT team to set up preventative rules, such as preventing users from automatically installing new software, etc.


Contact for a Free Consultation