Hackers hide cryptocurrency mining malware in Windows installation files

Cryptojacking schemes are growing more sophisticated by the day. Hackers are now hiding cryptocurrency mining malware inside what appear to be legitimate Windows installation packages.

Researchers say the malware, more commonly known as Coinminer, was specifically designed to fly under the radar. What makes the attack particularly hard to detect is that it uses a series of obfuscation methods.

The discovery comes from the security firm Trend Micro, which has since documented the attack vector in detail.

"The malware arrives on the victim's machine as a Windows Installer MSI file, which is notable because Windows Installer is a legitimate application used to install software," reads the report. "Using a real Windows component makes it less suspicious and possibly allows it to bypass some security filters."

The hackers' trickery does not stop there. The researchers noted that once installed, the malware's directory contains various files that serve as decoys. Among other things, the installer ships with a script that kills every anti-malware process running on the computer, alongside the cryptocurrency mining module itself.

The researchers also observed that the malware has a built-in self-destruct mechanism to cover its tracks. "To make detection and analysis even more difficult, the malicious program is also equipped with a self-destruct mechanism," the report says. "It deletes all the files in its installation directory and removes all traces of the installation from the system."
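From the defender's side, the chain described above (an MSI install, an installer-spawned script that kills security processes, then cleanup of the installer's own directory) can be correlated in endpoint telemetry. The following Python is an added example, not code from the article or from Trend Micro; the event schema, the security-tool process names, the time window and the sample paths are all constructed assumptions.

```python
# Added example (not from the article or the Trend Micro report): flag the chain
# described above - msiexec install -> installer-spawned script kills security
# processes -> files in that script's directory deleted. All names are assumptions.
import ntpath
from datetime import datetime, timedelta

SECURITY_PROCS = {"msmpeng.exe", "avp.exe", "ekrn.exe"}  # constructed AV process names
WINDOW = timedelta(minutes=10)  # correlate events this long after the install

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def find_msi_miner_chains(events):
    """One finding per msiexec install followed, within WINDOW, by an installer-spawned
    script, a taskkill of a security process and a deletion in that script's directory."""
    findings = []
    for inst in events:
        if (inst["type"] != "process"
                or not inst["image"].lower().endswith("msiexec.exe")
                or "/i" not in inst["cmdline"].lower().split()):
            continue
        t0 = _t(inst["ts"])
        later = [e for e in events if e["host"] == inst["host"]
                 and t0 <= _t(e["ts"]) <= t0 + WINDOW]
        # Scripts launched directly by the installer reveal its install directory.
        scripts = [e for e in later if e["type"] == "process"
                   and e["parent"].lower() == "msiexec.exe" and e.get("path")]
        kills = [e for e in later if e["type"] == "process"
                 and e["image"].lower().endswith("taskkill.exe")
                 and any(p in e["cmdline"].lower() for p in SECURITY_PROCS)]
        dirs = {ntpath.dirname(s["path"]).lower() for s in scripts}
        cleanup = [e for e in later if e["type"] == "file_delete"
                   and ntpath.dirname(e["path"]).lower() in dirs]
        if scripts and kills and cleanup:
            findings.append({"host": inst["host"], "msi": inst["cmdline"],
                             "killed": len(kills), "deleted": len(cleanup)})
    return findings

# Constructed telemetry for one host showing the full chain (not real data).
SAMPLE_EVENTS = [
    {"host": "ws1", "ts": "2018-11-08 15:00:00", "type": "process", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe", "cmdline": r"msiexec.exe /i C:\Users\u\Downloads\update.msi /qn"},
    {"host": "ws1", "ts": "2018-11-08 15:00:05", "type": "process", "parent": "msiexec.exe",
     "image": r"C:\Windows\System32\cmd.exe", "path": r"C:\ProgramData\upd\kill.bat",
     "cmdline": r"cmd.exe /c C:\ProgramData\upd\kill.bat"},
    {"host": "ws1", "ts": "2018-11-08 15:00:06", "type": "process", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\taskkill.exe", "cmdline": "taskkill /f /im msmpeng.exe"},
    {"host": "ws1", "ts": "2018-11-08 15:02:00", "type": "file_delete", "path": r"C:\ProgramData\upd\kill.bat"},
]
```

Requiring all three stages keeps an ordinary MSI install, or an administrator running taskkill on its own, from raising a finding.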

Although Trend Micro has not been able to attribute the attack to a specific country, the installer uses Cyrillic. To be fair, Cyrillic seems to be fairly popular among cryptocurrency criminals.

The cryptomining malware epidemic

In early 2018, security experts warned that cryptojacking scripts would proliferate in all sorts of unexpected places.

Indeed, this year we have seen hackers push cryptomining malware through Adobe Flash updates, routers, and thousands of commercial and government websites.

In the latest high-profile cryptojacking case, a week ago a Canadian university was forced to temporarily shut down its entire network after discovering that hackers were stealing its computing power to secretly mine Bitcoin.

Given the scale of malicious cryptocurrency mining, it is not surprising that reports suggest cryptojackers are raking in more than $250,000 per month.

Posted on November 8, 2018 – 15:20 UTC
