January 6, 2022

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service).

According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory).

“Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.”

NortonLifeLock began offering the mining service in July 2021, and early news coverage of the program did not immediately receive widespread attention. That changed on Jan. 4, when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users.

NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission.

“If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users have reported difficulty removing the mining program.

From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

“How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads a Dec. 28 thread titled “Absolutely furious.”

“Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? ‘ And I was just about to re-install Norton 360 too, but this has literally has caused me to no longer trust Norton and their direction.”

It’s an open question whether Norton Crypto users can expect to see much profit from participating in this scheme, at least in the short run. Mining cryptocurrencies basically involves using your computer’s spare resources to help validate financial transactions of other crypto users. Crypto mining causes one’s computer to draw more power, which can increase one’s overall electricity costs.

“Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”

Then there’s the matter of getting paid. Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as Norton Crypto’s FAQ rightly points out, there are coin mining fees as well as transaction costs to transfer Ethereum.

“The coin mining fee is currently 15% of the crypto allocated to the miner,” the FAQ explains. “Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Norton.”

Which might explain why so many Norton Crypto users have taken to the community’s online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can’t cover the transfer fees.

Norton Crypto. Image: Bleeping Computer.

I guess what bothers me most about Norton Crypto is that it will be introducing millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.

Several of my elder family members and closest friends are longtime Norton users who renew their subscription year after year (despite my reminding them that it’s way cheaper just to purchase it again each year as a new user). None of them are particularly interested in or experts at securing their computers and digital lives, and the thought of them opening CoinBase accounts and navigating that space is terrifying.

Big Yellow is not the only brand that’s cashing in on investor fervor over cryptocurrencies and hoping to appeal to a broader (or maybe just older) audience: The venerable electronics retailer RadioShack, which relaunched in 2020 as an online-focused brand, now says it plans to chart a future as a cryptocurrency exchange.

“RadioShack’s argument is basically that as a very old brand, it’s primed to sell old CEOs on cryptocurrency,” writes Adi Robertson for The Verge.

“Too many [cryptocurrency companies] focused on speculation and not enough on making the ‘old-school’ customer feel comfortable,” the company’s website states, claiming that the average “decision-making” corporate CEO is 68 years old. “The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”

110 thoughts on “Norton 360 Now Comes With a Cryptominer

  1. ReadandShare

    Capitalism encourages hard work and ingenuity. And a little bit greed as motivator too. But the “what have you done lately” question that hangs over every CEO every single year (or even quarter) leads to endless rounds of “how can we squeeze more eggs out of this golden goose”?

  2. Paul Benninger

    So sad, Norton used to be my go-to product for Anti-virus back in the day (1990’s). This is what happens when you let the marketers have control of design.
    This is telling too that maybe the AV market isn’t what it used to be.

  3. Gary

    The best anti-virus sits between your ears. Stop clicking those links in your email.

    1. Daniel Teoli Jr.

      Just have a web surfing computer or cheap tablet. My main computer is not connected to the web. Although I did have to connect it a while back when it would not recognize DVD burners any longer and I had to accept one of Window’s forced updates. (A massive update, maybe 2 years worth!) After that, the DVD burner worked again.

      Maybe my setup is not suitable for your use, but that is how I do it. My web surfer computer is no big loss. So, I may do risky things with it. I had heard that one of Window’s forced updates was deleting people’s photos by mistake. I couldn’t have that, so I that was when I took my main computer offline.

      Here is a story about one ransomware threat I unknowingly clicked on a few years ago. Being gullible I would get lots of ransomware scams from clicks.



      Another time I was researching Betty Page. I clicked on Google’s top search result…boom they locked the computer and said call the 800 number to unlock.

      Yes, links can be costly. Bezos had to pay tens of billions of $$ in divorce settlement from a link from his Arab friend the Prince sent him that exposed his infidelity to his wife. It was said Israel had sold the spyware to the Prince. (That is what I had read anyway.) Too bad the Israelis can’t come up with a better program than Windows to sell us. Or a few of you could brainiacs could develop one. Or maybe the Indians?

      …anyone but Microsoft. (more or less)

      But and it is a BIG BUT…greed will F things up no matter who makes it…unless it is noncommercial in nature.

      “I have since learned that trade curses everything it handles; and though you trade in messages from heaven, the whole curse of trade attaches to the business.” — Henry David Thoreau

      Daniel D. Teoli Jr. Archival Collection

  4. Kurt Seifried

    It’s just a classic gift card balance scheme. Why take a 15% cut when you can hold 100% of most transactions forever?

    This is covered in GSD-2022-1000002 (https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000002.json) in summary:

    Norton AntiVirus now includes an Ethereum crypto miner that has several problems including deceptive rewards program and difficulty in uninstalling it. \n\n Norton keeps 15% of all Ethereum mining proceeds and “pays” the remainder into a users “Norton Crypto Wallet” which is hosted by Norton. It should be noted that the Norton Crypto Wallet cannot be used to make Ethereum transactions, but can only be used to transfer value to a Coinbase account once a certain minimum threshold of value is accrued. The Norton crypto mining and Norton Crypto Wallet are effectively a gift card system where the money can be withdrawn, but not unless a certain balance is available. It should also be noted that the Norton Crypto mining software is reportedly very difficult to uninstall, requiring administrative level privileges, and even then reports indicate effective removal is difficult.

  5. Daniel D.Teoli Jr.

    Don’t know what it all means. I’m an old film photog from back in the 70’s. I don’t know how to use Photoshop, but I can use Lightroom…pretty good. (The old Lightroom anyway, not the new subscription only Adobe products.) Point is, I’m not much of a computer person, but I get by good enough for me. And I was very happy in the old days with old Widows and no forced updates.

    Now, here is my contribution to your topic…

    On Monday, an old program I was using to copy DVD with disc rot called ‘Any DVD’ was disabled on my computer by Windows Security. I tried to bypass their block and tried a reinstall. Nothing worked, so I had to remove the program. It said the threat was low, but they claimed it contained a coin miner.

    Daniel D. Teoli Jr. Archival Collection
    Daniel D. Teoli Jr. Small Gauge Film Archive
    Daniel D. Teoli Jr. VHS Video Archive
    Daniel D. Teoli Jr. Audio Archive
    Daniel D. Teoli Jr. Advertising Archive
    Daniel D. Teoli Jr. Social Documentary Photography

  6. Gary

    I just noticed the ad for this article, well assuming it is static, is very appropriate. Train your people not to get phished. People are the weak link.

    These AV programs eventually find the bad links. Often I get an obvious malware link, feed it to virustotal.com only to find one or two think it is malware. Try later in the day and then maybe half a dozen think it is malware.

  7. Bartosz Wojcik

    Norton is the malware! Unwanted, hard to uninstall, clogging the CPU & now the GPU!

    Advise all your friends and family members to remove this scamware.

    What a disgrace to the so-called antivirus industry!

    Monetizing last customers to the full extend!

    Microsoft AV should put it on malware list and remove it. Where are you Microsoft?


  8. Knows Better

    Their acquisition of LifeLock started them down this slippery, sleazy slope.

  9. The Sunshine State

    Wait, you mean internet users are still using Norton products ? In my humble opinion, their software products s*cked in the late nineties and clearly things still haven’t changed today.

  10. Bruce Albright

    Good Grief ! I always renew Norton but next year I’m going to cancel the renewal and buy the product
    Off the shelf. But a dumb question – Is it also in the product that I will buy at a store ? Or only in the renewal product ?
    Thank you ! I always read your emails and the comments at the bottom.

    1. BrianKrebs Post author

      New customer discounts are steep, and usually the first year’s price is a fraction of the annual renewal fee. You can simply decline to renew at the end of the year (or remove your credit card number from your profile), and uninstall the product. Then buy it again under a new email address and get the new customer discount.

      1. Donovan Meyers

        My year recently ended and I forgot to cancel auto-renewal. I was surprised to find that they offer a full refund for 60 days after auto-renewal, and it was an easy online request. It was even mentioned in my auto-renewal confirmation email:

        “You may be entitled to a refund of your annual renewal fee if requested within 60 days of being charged.”



        I had planned to buy again at Amazon but now I’m reconsidering in light of these shenanigans.

        1. Minor F. Fort

          Wicked slow and why give MS even more of your data? Spread it out.

          1. JamminJ

            This doesn’t make sense.
            What “data” do you think Windows Defender collects that isn’t already collected?
            “Spread it out” means more companies having the same data… that’s worse.

  11. Acolyte

    It is USA tax season. Near the top of Form 1040 is “At any time during 2021, did you receive, sell, exchange, or otherwise dispose of any financial interest in any virtual currency?” Looks like more taxpayers would now answer yes if they participate in Norton Crypto.

    I think answering No when one should answer Yes is unlikely to be noticed. But the Al Capone rule will apply, if someone answers No when Yes is appropriate and they come to the attention of the authorities, the results can be rather severe.

    If people are honest, then there will be a large number of Yes and will this overwhelm the federal authorities?

    1. Wayne

      Income tax events. These include:

      Earning crypto interest from decentralized finance (DeFi lending)
      Receiving crypto via an airdrop
      Receiving crypto payment for carrying out a task (this includes bug bounties)
      Earning crypto from staking and liquidity pools
      Earning crypto mining income from transaction fees and block rewards

      Source: https://taxbit.com/blog/understanding-the-cryptocurrency-tax-rate

    2. JamminJ

      Pretty sure everyone can answer NO, until they cash out.
      And it was mentioned, no withdrawals are possible until a minimum is reached.
      The wallet is held by Norton, and not under the control of users.

      Add that to the “opt in” requirement, I don’t think many people will be accidentally in violation with the IRS.

  12. Brian

    Thanks Brian, it usually takes a lot to surprise me these days, but that definitely fits the “WTF?” category. I just cancelled Norton’s auto renewal. Now to get that garbage off my computer and find a better option.

  13. Philip de Louraille

    A new program category called “parasite”.

  14. GoonieGooGoo

    Why the frack would an anti-virus tool also install something completely unrelated to securing your computer? What the hell were they thinking?

    1. Daniel Teoli Jr.

      Greed blinds them!

      “I have since learned that trade curses everything it handles; and though you trade in messages from heaven, the whole curse of trade attaches to the business.” — Henry David Thoreau

      Daniel D. Teoli Jr. Archival Collection

  15. digg

    Anyone that still uses AV has no idea what they are doing with security, and hopefully is not advising anyone else on it.

    AV is useless at best.

  16. PetePall

    Once upon a time, way back when, Norton was a respected brand with a good product line. Its origins were the Peter Norton Computing Group founded by, well, you know, and in 1990 bought by Symantec that introduced AV under the Norton brand. Sad to see this latest development.

    1. sceurity vet

      …it’s actually a bit more complicated than that…

      …Peter Norton acquired an a/v product from Certus (Dr. Peter Tippett) and it became norton a/v…

      …now you know the rest of the story…

  17. Notme

    Unbelievable. Thanks for shining a light on this garbage. I quit advocating the use of the product as soon as the worthless lifelock crap was involved.

  18. Stratocaster

    If Peter Norton were dead, he would be rolling in his grave.

  19. TPA49

    I have run Norton AV on my four home and office computers for over 15 years and that is ending. I truly feel violated that a trusted AV company would download a cryptominer without my permission or worse, think that this is a good business to link with the AV products. Stupidity at the highest CXX levels of a company.

  20. Tom Robbins

    I’m not sure what people are complaining about.

    This is, without a doubt, the absolute best use of CPU cycles/power that any Norton product has ever made.

    1. Now I Get It

      You forgot the tongue-in-cheek :-^) to indicate sarcasm.

  21. John Cruz

    On one hand, this is absolutely disgusting.

    On the other hand, I would’ve been a little surprised if it wasn’t Norton doing it.

  22. joe weis

    Thanks again Brian for such stellar reporting. It is a really easy fix: go to norton settings; then under quick controls temporarily deselect norton tamper protection; after this go to your c drive & open program files, norton security & finally engine from where you scroll to find the ncrypt file which you delete. Then turn norton tamper protection back on.
    Norton had this file on my computer even after having chosen not to opt-in to norton’s first offering this backdoor.
    You cannot trust corporate america to do the right thing if money gets in their way.
    This is why folks like Brian are so essential if the norton’s of this world are to remain even slightly honest.
    So thanks again Brian.

    1. Bill

      Thanks Brian for bringing this to light.

      Thank you Joe for a simple solution. My PC is probably too old to participate in this nightmare, but it will undoubted be a wonderful target for abuse.

      I have been using Norton/Symantec exclusively since 2000. They have just lost yet another customer directly because of this.

      OK brains trust – what approach should I use instead? Is AV still needed or has the time come to have my main system permanently offline and use VMs or similar on a “disposable” chromebook/tablet for use online and just blow it all away with a reset, say on a weekly basis ?

  23. Bob Brown

    From the article: “The key to the wallet is encrypted and stored securely in the cloud…”

    I have a nice bridge I can sell real cheap to anyone who believes a sentence containing both “cloud” and “securely.”

  24. Dan

    Why would I want to deal with a company who had hackers break into their system and steal the source code for their anti virus programs? There were about 5 or 6 Av’s like Norton that had their AV source code stolen so now virus makers can code the viruses to bypass Norton’s anti virus program and infect you. They also hacked McAfee and other ones and as of 2019 they were offering over 30 TB worth of data to prove what they said for 300,000.00 So unless Symantec has completely rewritten their source code, and I doubt they have; then its dangerous to even have them on your computer to protect you.

  25. Scott E

    Reminds me of an old adage from business school, “They May Forget What You Said, But They Will Never Forget How You Made Them Feel”. Purchasing the product makes you think you are safe until you realize you are being duped – people won’t forget that.

  26. Steve

    CO2 impact from the tons of folks who will go for this easy way to mine crypto across the developing world?

  27. Jimbo

    I imagine the profits that the end user will receive will amount to the same percentage that class action participants see. Which amounts to nothing.

Comments are closed.