You do surprise me.exe: An unexpected executable in Hola Browser
ID: fd6ecfcd-4e0c-5f08-9e66-6fc02bf29408
STIX ID: report--fd6ecfcd-4e0c-5f08-9e66-6fc02bf29408
Feed Name: Sophos Blogs
Sophos X-Ops identified an undeclared, unsigned executable (me.exe), bundled intermittently with Hola Browser, that functions as a crypto-miner (Troj/GoMiner-B). The binary copies itself to Program Files, installs an autostart service, attempts to add Windows Defender exclusions, and contains XMRig-related artifacts. Hola confirmed a supply-chain compromise affecting ~0.1% of users and rebuilt its distribution pipeline after investigation and remediation.
