This story that was on Hackaday a while back, where an audio track was hidden in an image: http://hackaday.com/2012/02/27/this-image-contains-a-hidden-audio-track/ If, for some reason, one were seriously trying to hide data in this way and have it go undetected, would it not be a much better idea to combine this approach with the approach described in the above HaD post?

Why would this activity even be illegal? It's proprietary software; the users have no right to see what's going on under the hood -- they have to take it as it is. They are willingly installing software without really being able to know what it does, and vendors aren't required in any meaningful way to disclose what the software really does. See, for example, Windows and MacOS. Furthermore, writing software to exploit users is certainly not uncommon practice, and using users to generate revenue is also not controversial, it seems. All we have here is a piece of really inefficient software that happens to have bitcoin generation as a side effect. The vendor could probably have fully disclosed this "feature" in the license agreement, which people would undoubtedly have agreed to without reading. I haven't bothered to find the license agreement for this particular piece of software, but it may well already be written in a way which absolves the vendor of legal responsibility for this unscrupulous activity.