Slashdot Mirror

← Back to Stories (view on slashdot.org)

uTorrent Quietly Installs Cryptocurrency Miner

Posted by Soulskill on from the your-cpu-is-our-cpu dept.

New submitter Eloking sends news that uTorrent, a popular BitTorrent client, is silently installing cryptocurrency mining software for many users. [uTorrent] brings in revenue through in-app advertising and also presents users with “offers” to try out third-party software when installed or updated. These offers are usually not placed on users’ machines without consent, but this week many users began complaining about a “rogue” offer being silently installed. The complaints mention the Epic Scale tool, a piece of software that generates revenue through cryptocurrency mining. To do so, it uses the host computer’s CPU cycles. ... The sudden increase in complaints over the past two days suggests that something went wrong with the install and update process. Several users specifically say that they were vigilant, but instead of a popup asking for permission the Epic Scale offer was added silently.

53 of 275 comments (clear)

  1. Why uTorrent? by Anonymous Coward · · Score: 5, Informative

    For something as important and risky as BitTorrent, why would you use a proprietary client?

    1. Re:Why uTorrent? by greenwow · · Score: 5, Insightful

      It used to be great. It did exactly what you needed it to do and no more. Now it is a bloated mess like Azureus/Vuse. Now when I load UTorrent, my Windows machine slows down so much it is unusable. It loads gigabytes of ads per day. I have ISDN at home right now, and if you let it run 24/7, you can still download a surprising amount of files. That is except with the new version of uTorrent. It makes the ads a higher priority than BitTorrent so your files take days or weeks longer than they should.

    2. Re:Why uTorrent? by JMJimmy · · Score: 2

      For something as important and risky as BitTorrent, why would you use a proprietary client?

      Glad I ditched it in favour of Tixati months ago.

    3. Re:Why uTorrent? by Anonymous Coward · · Score: 5, Informative

      Exactly. It was great but not anymore. Either use an old version that had no advertising or switch to something else like qBittorent.

    4. Re:Why uTorrent? by Mister+Transistor · · Score: 2

      Exactly this. The best version was the last one before they were bought out. I still use 2.2, that version had NO advertising, and was written well before the cryptocurrencies came around.

      --
      -- You are in a maze of little, twisty passages, all different... --
    5. Re:Why uTorrent? by MrBigInThePants · · Score: 4, Interesting

      I switched to http://www.qbittorrent.org/ a while ago.

      Kicks uTorrent's butt in every way.

      If you are too lazy to switch to a better client after it becomes rubbish then YOU are the problem, not them.

      Choice is only meaningful if you can and will exercise it....

    6. Re:Why uTorrent? by ckatko · · Score: 3, Informative

      Yeah, people forget the 'u' really stood for "micro" torrent. It was tiny, it did what it was supposed to, and that's it. It's slowly become more and more of a monster, but you could at least disable the ad bars in the advanced settings. I refused to upgrade to the newer versions, and it looks like that was a good thing.

    7. Re:Why uTorrent? by MagicM · · Score: 5, Informative

      Ads? What ads? Am I the only one who messes with settings?

      Options->Preferences->Advanced
      offers.left_rail_offer_enabled=false
      offers.sponsored_torrent_offer_enabled=false

      I'm sure you should change these settings at your own risk. But it was worth the risk to me.

    8. Re:Why uTorrent? by Anonymous Coward · · Score: 5, Interesting

      Wow. I was a little skeptical, but my download speed nearly doubled after downgrading to 2.2.
      http://www.oldversion.com/windows/download/utorrent-2-2-23071

    9. Re:Why uTorrent? by RedShoeRider · · Score: 2
      I don't know why ISDN has such a bad rap.

      It's stable as hell, offers a guaranteed bit rate (albeit not that fast by modern standards), and is available just about anywhere in the USA. Mind you, what's a full T1: One form of it is 24(?) ISDN lines bonded together. I was on a 128k ISDN when I lived with the 'folks, as there was no DSL/Cable/Whatever. I torrented the hell out of that connection. Sure, it took some serious time to pull down a .iso of a movie. But it worked. It *always* worked.

      --

      Chris Knight is my hero.

    10. Re:Why uTorrent? by CosaNostra+Pizza+Inc · · Score: 2

      Yes, I adjusted those settings a while ago, after uTorrent started showing video ads with audio. However, in light of this recent news about a silent install of Cryptocurrency miner, maybe its time for me to switch to something like Qtorrent.

    11. Re:Why uTorrent? by LinuxIsGarbage · · Score: 4, Informative

      Ads? What ads? Am I the only one who messes with settings?

      Options->Preferences->Advanced
      offers.left_rail_offer_enabled=false
      offers.sponsored_torrent_offer_enabled=false

      I'm sure you should change these settings at your own risk. But it was worth the risk to me.

      Ads I could deal with (disabling). The problem is going to upgrade to a new version (when offered), you have to be extremely careful when installing to disable all the shitware. What broke it for me was missing the checkbox for conduit once. Conduit hijacks your home page and search engine, and is very difficult to remove. That was it. I stopped using uTorrent after that. Currently I use qBittorrent.

      It's irritating enough to deal with the useless bundled shitware during installation, it's even more irritating to have to carefully opt out of everything when installing an upgrade. Adobe Flash / Reader, and Java are bad at that as well.

    12. Re:Why uTorrent? by Bacon+Bits · · Score: 4, Informative

      I saw the writing on the wall years back. I posted an bug in the official bug forum, and the thread got locked in less than 5 minutes with a complaint that I didn't search. Except I did search. The first line of my post was even, "I searched, and while I found a similar bug, this one is actually different," and went on to explain why. Mine dealt with default column sorting (column A ascending, column B descending), theirs dealt with default column order (changing columns A, B, C to B, A, C). There was no similar request. It was locked so fast, the mod couldn't have actually paid attention to it. Alright, that's kind of stupid, but whatever.

      About half an hour later, I was in a post and made a comment on a different bug. This one was about interface layout, but it seemed to me like there was confusion going on about what the bug was, so I made an image with arrows describing the issue rather well (IMO) since I was able to replicate it. 5 minutes later, my post was deleted and my account was banned. No reason given.

      Contribute to community? Get told to fuck off. I've never encountered such blatant hostility to your own community before, and knew immediately that whatever uTorrent was doing wasn't worth my time. I was so irritated that I uninstalled uTorrent immediately and a found another client even though at the time they were all significantly worse (I started with Transmission, when was just getting popular on OS X, then Deluge, still in beta, then eventually qBittorrent where I've stayed since 1.x days). I didn't even wait for my current torrents to finish downloading or seeding. I have never and will never use any software from that company ever again under any circumstances. They're below Oracle. They're below Symantec. They're below Pearson. I'd install BonziBuddy before uTorrent. It's been a secret pleasure of mine watching those fuckers crash and burn over the last several years.

      --
      The road to tyranny has always been paved with claims of necessity.
    13. Re:Why uTorrent? by LinuxIsGarbage · · Score: 2

      you downloaded utorrent from cnet. utorrent doesn't install conduit. Stop with the bullshit,

      uTorrent, at least at some point in time, did offer Conduit with the installer from their website. Here is a post from a moderator on the uTorrent Forum:
      http://forum.utorrent.com/topi...

      We are among many products that support the production and distribution of our free software through advertising. In cases where an advertisement is for an installed product, our requirements include: 1) The user must accept the offer; 2) The user must be able to easily revert to a state prior to the offer install. We also offer a premium product as an ad-free option.

      You may have inadvertently accepted an offer from one of our partners during your installation of BitTorrent/uTorrent or when updating to the latest version of our clients. If that’s the case, don't worry - here are some easy instructions for reverting to your original settings.

      PC Users

      If your home page and default search was changed to Bing you have Conduit Search Protect. If it changed to Yahoo then you have installed software from Spigot. See the instructions below based on which search engine you are seeing.

      Conduit Search Protect

      Conduit Search Protect is one of the offers PC users can receive. To remove Conduit Search Protect and revert to your original settings, follow these steps.

      In the Windows control panel, go to uninstall a program. Look for “Search Protect” by Conduit and select Uninstall.
      When the uninstall dialog box appears, simply check the “Go back to my original home page and default search settings” box at the bottom, and then click Uninstall.
      Your default search engines will revert to their original settings.

      Spigot

      First, go into the Windows Control Panel and select UnInstall a Program or Add/Remove Programs. Locate and uninstall Spigot Search Protect. Then revert each affected browser back to your desired homepage and search engine settings with the following steps.

      Chrome

      In Chrome you can set the default search engine, home page, and new tab behavior on the Chrome Settings page. For more info, see these links:

      Set your default search engine
      Set your homepage
      Set startup preferences (including new tab behavior)

      Firefox

      Set your Home Page
      Set your New Tab page
      To change the default search engine in Firefox, simply click the icon next to the search box and choose your desired site.

      Internet Explorer

      The method for changing your settings will vary depending on your current version of Internet Explorer. Follow these links to view instructions on Microsoft’s site.

      Change your Home Page (you can select your version of IE via the tab to the right of the page)
      Change your default Search Engine
      Change your New Tab settings

      Mac Users

      Mac users can revert to their original settings by uninstalling the Searchme extension from each affected browser and then resetting the homepage manually. For more info, please view these detailed instructions.

      Safari

      Under Safari’s Preferences menu, select Extensions.
      Locate the Searchme extension and select Uninstall.
      Go back to the General Preferences tab and select the Default Search Engine and Homepage you would like to use.

      Chrome

      Under the Window menu, select Extensions.
      Locate Searchme and click the corresponding trash can icon.
      Once the extension has been removed, open the Chrome menu and select Preferences.
      On the settings page that appears, select the homepage and default search provider you would like to use.

      Firefox

      Under Firefox’s Tools menu, select Add-Ons.
      When the Add-Ons page opens, click Extensions.
      Remove the Searchme extension.
      To revert your search engine, simply click the search engine icon next to the search box and select the provider you wish to use.
      To revert your default home page, open the Firefox menu, select Preferences, and select the General tab. Here you can select the home page you would like to use.

  2. Worth it? by fuzzyfuzzyfungus · · Score: 4, Insightful

    Aren't bitcoins, between the drop in value and the ASIC enthusiasts, at the point where clandestine CPU mining is close to pointless? I realize that free as in stolen has its virtues; but it likely wasn't free to get their shitware, rather than somebody else's, bundled with utorrent, so I'm surprised that it was worth it.

    1. Re:Worth it? by Anonymous Coward · · Score: 2, Insightful

      The conclusion of your reasoning isn't to be "surprised", but to deduce that they're probably mining a cryptocurrency other than bitcoin.

    2. Re:Worth it? by itzly · · Score: 2

      At scale, a world wide army of CPU's will easily crush an ASICs

      A million CPUs can crush a single ASIC, yes, but people are running warehouses full of ASICs.

    3. Re:Worth it? by itzly · · Score: 2

      Depends on how much work was involved, and how big your army is.

    4. Re:Worth it? by jythie · · Score: 2

      I am not sure that is the case anymore. CPU mining was already orders of magnitudes less efficient than GPU, and GPU mining less efficient than ASIC by a similar scale. Even with 'free' CPU time, even on a mass scale, the trickle it would likely generate would be next to worthless.

    5. Re:Worth it? by kamapuaa · · Score: 2

      It would still be worth mining bitcoins, if somebody else was paying for the electricity.

      --
      Slashdot: providing anti-social weirdos a soapbox, since 1997.
    6. Re:Worth it? by Anonymous Coward · · Score: 2, Informative

      After the suggestions that Tor was owned by the government, and the attacks against the Pirate (Bay) community, I'm rather surprised there's still an army of people running torrent clients.

      Do not confuse the Tor network with Torrents. They are not related.

    7. Re:Worth it? by ckatko · · Score: 2

      When you're not the one paying the power bill, anything above 0% is worth it.

  3. Another piece of software to uninstall by Anonymous Coward · · Score: 5, Insightful

    Time to abandon utorrent. In fact, time to abandon all software who's owners bundle in adware/malware/anything-other-than-the-program-the-user-is-trying-to-install.

    The only way this practice will stop is if users refuse to download and use software that does this.

    1. Re:Another piece of software to uninstall by juanfgs · · Score: 5, Funny

      If only we have software that we could trust, that we could see the code. And that when one vendor starts doing this, we'd be free for forking the project and making one without the bundled spyware. We could even come up with a license that protects this code, and ensures that everyone that forks the project has to respect the liberties of the user in the same way.

      Ohh well, I guess one can just dream

    2. Re:Another piece of software to uninstall by Braedley · · Score: 2

      No, the time to abandon uTorrent was when they started showing ActiveX ads. That was a while ago. I've been using Transmission running on my DroboFS ever since (which considering that was where most of my downloads were going in the first place ended up simplifying things).

      uTorrent is just the latest piece of software that started off pretty awesome, and was ruined by greed.

    3. Re:Another piece of software to uninstall by DaRanged · · Score: 3, Informative

      Basically almost anything from cnet and download.com.. their 'network' installer is sickening.

    4. Re:Another piece of software to uninstall by Holi · · Score: 3, Informative

      Let's not forget SourceForge

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    5. Re:Another piece of software to uninstall by jandrese · · Score: 5, Interesting

      This means I have to abandon Java and Flash.

      ...

      I can live with that.

      --

      I read the internet for the articles.
    6. Re:Another piece of software to uninstall by mrchaotica · · Score: 2

      If only we have software that we could trust, that we could see the code.

      That's necessary, but not sufficient. Even Free Software can get bundled with malware if you don't obtain it from a reputable source (e.g., the first-party website or your Linux distro's package management tool). Even previously-reputable download sites like Sourceforge have been guilty of bundling shit.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    7. Re:Another piece of software to uninstall by NJRoadfan · · Score: 2

      Plenty of GPL'ed software is bundling things like OpenCandy with the installer.

  4. does anyone use the most current version? by derideri · · Score: 4, Interesting

    A couple of years ago uTorrent started installing adware with their software as well, and everyone either bailed or went back to v2.2.1. So why would anyone be using the most current version of uTorrent anyway?

    1. Re:does anyone use the most current version? by gbjbaanb · · Score: 4, Interesting

      people new to torrenting and need a client might look at old links (there are many on the internet) and go and install the very pretty looking uTorrent, and of course they'll want the latest version.

      Frankly, I ditched it when they started getting shitty with the adware, I moved to qbitorrent which doesn't look too dissimilar from uTorrent and all is good now.

  5. Go back to utorrent 2.2.1 by Eloking · · Score: 5, Interesting

    I'll not post any link here (it's quite easy to Google it anyway), but I suggest going back to utorrent 2.2.1. It's the last stable build without any malware/ads/crap. There's already many torrent site that doesn't allow utorrent version higher than 2.2.1.

    --
    Elok
    1. Re:Go back to utorrent 2.2.1 by snarfies · · Score: 3, Informative

      Why would you suggest PIG DISGUSTING closed source software when there are so many quality open-source solutions, including:

      Deluge
      QBittorrent
      Transmission

    2. Re:Go back to utorrent 2.2.1 by TheGratefulNet · · Score: 3

      would you go so far as to say it whips the llama's ass? or not quite that far?

      --

      --
      "It is now safe to switch off your computer."
  6. Crap Reports by TimSSG · · Score: 3, Informative

    "Reports that uTorrent silently installs Bitcoin crapware are... crap" http://betanews.com/2015/03/06... Tim S.

  7. Alternatives are available... by mr_jrt · · Score: 4, Informative

    When they started pulling this crap I switched to something else that apes the older, simpler, cleaner versions: http://www.qbittorrent.org/

    --
    Boo.
    1. Re:Alternatives are available... by daid303 · · Score: 2

      qbittorrent is a great switch from utorrent. As it looks almost the same, without the crap. I switched my girlfriend torrent tool to qbittorent, and she didn't notice any real difference except for the lack of ads.

  8. Why is uTorrent so popular still? by jacks+smirking+reven · · Score: 3, Informative

    I used uTorrent when it was fairly new and it was excellent but in this day and age does it offer anything versus the number of matured open-source alternatives out there? I'm really asking if it has some special sauce that gives it an edge. When it was released one could look past it's closed source nature since it made it's mark being lightweight yet feature packed. Once the major update that brought advertising on-board I saw no reason to use it anymore.

    I've been using qBittorent for a couple years and it gives me all the relevant functionality without the mess as well as Transmission QT for Windows and Deluge, I can see no reason to use uTorrent when it's been shown repeatedly to be scum-ware.

  9. Re:Disappointing, but not surprising. by ZorinLynx · · Score: 3, Informative

    >the leading Java-based client

    If you mean the client I think you do, that has been crap for many years.

    Transmission is the way to go these days.

  10. only one reason why uTorrent is still popular by Voyager529 · · Score: 3, Informative

    ...because it's popular.

    Older versions could fit on a floppy disk, and didn't require an Installshield Wizard. Now, it's not at Vuze levels of bloatedness (though Vuze beats to a different drum and has a pretty nice "content store" for Creative Commons content and similar), but it's gotten big and annoying. Transmission works on Windows (...and OSX...and *nix...and plenty of routers and NASes...) and is nice if you don't need RSS feeds. QBittorrent does RSS and is simple to use. Deluge, while being a bit awkward, does a good job. if you're into a super-configurable ecosystem, rTorrent has 101 plugins and browser based frontends, but can also run exclusively from the CLI if that's your thing. The list goes on and on, but utorrent seems to be coasting on inertia, nothing more, nothing less.

    The interesting thing is that a similar "we'll borrow some unused CPU cycles" method of revenue generation caused a huge mess with Digsby, an IM client that was great and had a pretty good following until that point. Then again, with most technical folks opting for one of the plentiful alternatives to utorrent, I don't see this being a major impact.

  11. Re:Surprised they thought they could get away with by mlts · · Score: 2

    There are ways to hide a program so that increased CPU life would not be noticed:

    1: Wait for the MSI install/upgrade mechanism to be used, then start using the CPU after it completes. The program installed will get the blame.

    2: Ramp it up over a period of time, so the user gets used to his MBA eating its battery in two hours.

    3: Wait until the laptop is plugged in and the screensaver is on, and hit it.

    It eventually will be caught, but there are ways to keep all but the more astute people from noticing.

    I am actually surprised more "free" programs don't do this with a stipulation in the EULA that they have free run to use the end user's CPU/RAM/IO/disk/network as they see fit, and there isn't anything legally that can challenge that.

  12. How is this post a troll? by Anonymous Coward · · Score: 4, Interesting

    Torrent used to be great. It had over 100 million users and was the most popular client for years. I remember the first version fit on a floppy, and you could xcopy install it. It was awesome. I did a test of different BitTorrent clients for a PC magazine, and Torrent won easily when it came to download speeds. It beat Vuze, as the poster I'm replying to mentioned, by more than 30%.

    It was small and fast. It did everything you need. Now it is bloated and too slow to leave running when using your computer. Also, it wastes tens of megabytes of bandwidth per day downloading animated ads plus it uses so much CPU to show the ads that it overheats my new Dell laptop. The guy above exaggerated with this gigabytes claim.

    So why was this guy marked a Troll? He is correct. Do we have a Torrent fanboi with mod points?

    1. Re:How is this post a troll? by Anonymous Coward · · Score: 2, Insightful

      Wow /. dropped the mu. Add a mu before Torrent everywhere in my post. Why doesn't /. understand Unicode in 2015? This is sad.

    2. Re:How is this post a troll? by Sowelu · · Score: 2, Insightful

      Do you really want a Slashdot full of Zalgo, emojis, and Japanese character art?

    3. Re:How is this post a troll? by aevan · · Score: 4, Funny

      Won't using HOSTS keep me safe from that?

  13. gave up on local torrenting years ago by Nukenbar · · Score: 3, Informative

    Just another reason to have a seedbox for all of your torrent needs.

  14. Re:But why though? Math time! by farble1670 · · Score: 2

    It's something like a 100:1 loss on electricity at $0.11/KWH by the way.

    except they aren't paying for the electricity, so it's all profit. even if they are only making $100, that's still pretty great. considering they probably spent a week hacking together existing software ... and after that it's zero expenditure and all profit (except what they are paying bittorrent).

  15. Unicode on Slashdot (5:erocS) by tepples · · Score: 4, Interesting

    Why doesn't /. understand Unicode in 2015?

    Past abuse of bidirectional override control characters to spoof comment scores. Details

  16. Re:Deluge by geminidomino · · Score: 2

    Deluge likes to use random ports

    Edit->preferences->Network, uncheck "Use Random Ports" and it will let you specify a port range, old-school style.

  17. Not even the worst thing it installs by BillX · · Score: 2

    All this furor over Epic Scale bitcoin miner, and none over other crud like Wajam that uTorrent installs?

    Have a look at the last image in this article. "...may change your local proxy settings...collect...URLs of the pages you visit...content of encrypted webpages...Wajam may protect itself from other software that tries to wrongfully interfere with it."

    Yikes. Lenovo got spanked pretty hard for packaging advertising malware that MITMs your encrypted sessions, but at least theirs doesn't officially threaten a counterstrike against your antivirus too.
     

    --
    Caveat Emptor is not a business model.
    1. Re:Not even the worst thing it installs by ihtoit · · Score: 2

      yeah, only way I could rip out wajam was to boot into a knoppix session and force-kill the files then boot into safe mode and hack the registry.

      What a pain the fucking arse that was.

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  18. Move on, the show's over by Zanadou · · Score: 2

    uTorrent alternatives you should have moved on to a long time ago; cross platform clients, with clickable links for the lazy:

    qBittorrent v3.1.12

    Deluge v1.3.11