Researchers Uncover Unusual Virtual Crypto Mining Threat


Cybersecurity firm ESET has recently detected an unusual cryptocurrency miner that has been distributed on the macOS platform since August 2018. The finding was revealed in a report published by ESET Research on the 20th of June.

According to the research, the newly discovered malware, dubbed “LoudMiner”, uses virtualization software (VirtualBox on the Windows platform and QEMU on the macOS platform), which gives it the potential to infect computers across multiple platforms.

Reportedly, the miner uses XMRig, an open-source mining program focused solely on mining the altcoin Monero (XMR), along with a mining pool.

The researchers also revealed that on both platforms the mining software runs inside the pirated application, which was bundled with the virtualization software, a Linux image and some additional files required by the software.

Usually, LoudMiner is installed before the desired software itself during the download, and soon after a reboot it becomes persistent on the system.

ESET also noted that the miners usually targeted software related to audio production, which typically runs on computers with robust processing power and high CPU consumption, so the mining activity avoids raising user suspicion.

The attackers took advantage of the fact that such software is complex and requires a large amount of processing power, which makes the mining software hard to detect. A researcher stated:

“The decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see.”

ESET further identified that macOS systems were targeted frequently, while Windows systems were targeted less often.

As a warning, the researchers' best advice is not to download pirated copies of any commercial software, thereby avoiding potential threats.

To help users detect the issue, the researchers list several hints: high CPU usage, unexpected pop-ups, an additional installer, or a new service recently added to the startup list (Windows) or a new daemon (macOS).

Network connections to unusual domain names, which are used to update the miner's configuration, are another sign that the system has been attacked.
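The following triage script is an added example, not code from ESET or from the report; it turns the three indicator classes above (sustained high CPU by an unexpected process, a persistence entry that was not present before, and outbound connections to domains outside the expected set) into a baseline-versus-current comparison. All snapshot data, domain names and the `com.placeholder.vmservice` label are constructed sample values; the CPU threshold and the list of programs expected to be busy on an audio-production host are assumptions a defender would tune.

```python
"""
Added triage example (not ESET's code): compare a fresh host snapshot against
a known-good baseline and flag the LoudMiner-style indicators described in the
article. All inputs are constructed sample data with placeholder names.
"""
from dataclasses import dataclass


@dataclass
class Snapshot:
    # process name -> average CPU percent over the sampling window
    cpu_by_process: dict
    # persistence entries: Windows service names or macOS launchd labels
    persistence: set
    # destination domains seen in outbound connections
    domains: set


# Constructed baseline taken when the host was known to be clean.
BASELINE = Snapshot(
    cpu_by_process={},
    persistence={"com.apple.softwareupdated", "com.example.backupagent"},
    domains={"update.example-vendor.test", "cdn.example.test"},
)

# Constructed "current" snapshot: a QEMU process pinning the CPU, one new
# launchd label and one domain the host never contacted before.
CURRENT = Snapshot(
    cpu_by_process={"qemu-system-x86_64": 93.5, "kernel_task": 4.0, "Logic Pro": 12.0},
    persistence={"com.apple.softwareupdated", "com.example.backupagent",
                 "com.placeholder.vmservice"},
    domains={"update.example-vendor.test", "placeholder-config.invalid"},
)

CPU_THRESHOLD = 80.0  # assumption: tune per host
# Assumption: programs a user expects to be busy on an audio-production machine.
EXPECTED_HEAVY = {"Logic Pro", "kernel_task"}


def high_cpu_offenders(snapshot, threshold=CPU_THRESHOLD, expected=EXPECTED_HEAVY):
    """Processes above the CPU threshold that are not on the expected-heavy list."""
    return sorted(name for name, pct in snapshot.cpu_by_process.items()
                  if pct >= threshold and name not in expected)


def new_persistence(current, baseline):
    """Startup services / launch daemons present now but absent from the baseline."""
    return sorted(current.persistence - baseline.persistence)


def unexpected_domains(current, baseline):
    """Outbound destinations never seen in the baseline (possible config updates)."""
    return sorted(current.domains - baseline.domains)


def triage(current, baseline):
    """Collect findings per indicator class and count how many classes fired."""
    findings = {
        "high_cpu": high_cpu_offenders(current),
        "new_persistence": new_persistence(current, baseline),
        "unexpected_domains": unexpected_domains(current, baseline),
    }
    fired = sum(1 for hits in findings.values() if hits)
    # Any single class is worth a look; two or more together warrant escalation.
    findings["verdict"] = "escalate" if fired >= 2 else ("review" if fired else "clean")
    return findings


if __name__ == "__main__":
    for key, value in triage(CURRENT, BASELINE).items():
        print(f"{key}: {value}")
```

In practice the snapshots would be filled from real collectors (a process sampler, the launchd or service list, and DNS or proxy logs); the value of the comparison is the baseline, so record it before installing anything downloaded from an untrusted source.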
