Cybersecurity firm ESET has detected what it describes as an unusual and persistent cryocurrency miner distributed for macOS and Windows since August 2018.
Cybersecurity firm ESET has detected what it describes as an unusual and persistent cryocurrency miner distributed for macOS and Windows since August 2018. The news was revealed in a report from ESET Research published on June 20.
According to ESET, the new malware, dubbed “LoudMiner,” uses virtualization software — VirtualBox on Windows and QEMU on macOS — to mine crypto on a Tiny Core Linux virtual machine, thus having the potential to infect computers across multiple operating systems.
The miner itself reportedly uses XMRig — an open-source software used for mining privacy-focused altcoin monero (XMR) — and a mining pool, thereby purportedly thwarting researchers’ attempts to retrace transactions.
The research revealed that for both macOS and windows, the miner operates within pirated applications, which are bundled together with virtualization software, a Linux image and additional files.
Upon download, LoudMiner is installed before the desired software itself, but conceals itself and only becomes persistent after reboot.
ESET notes that the miner targets applications whose purposes are related to audio production, which usually run on computers with robust processing power and where high CPU consumption — in this case caused by stealth crypto mining — might not strike users as suspicious.
Moreover, the attackers purportedly exploit the fact that such complex applications are usually complex and large in order to conceal their virtual machine images. The researchers add:
“The decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see.”
ESET has identified three strains of the miner targeted at macOS systems, and just one for Windows thus far.
As a warning to users, the researchers state that “obviously, the best advice to be protected against this kind of threat is to not download pirated copies of commercial software.”
Nonetheless, alongside high CPU consumption, they offer several hints to help users detect something might be awry, included trust popups from an unexpected, “additional” installer, or a new service added to the startup services list (Windows) or a new Launch Daemon (macOS).
Network connections to unusual domain names — due to scripts inside the virtual machine that contacting the C&C server to update the miner’s configuration — are another giveaway, the researchers add.
Yesterday, Cointelegraph published an in-depth report analyzing various malware deployments within the crypto industry, including for stealth crypto mining.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.