Researchers at the cyber security firm ESET have uncovered a new threat: a persistent and unusual piece of mining software, now classified as malware and dubbed "LoudMiner", Cointelegraph reports.
According to ESET, LoudMiner uses VirtualBox on Windows and QEMU on macOS to run a Tiny Core Linux virtual machine that does the actual mining, which is what lets it infect computers running either operating system.
The miner ships inside pirated applications, on both macOS and Windows, bundled with the virtualization software, a Linux image and additional files.
The miner uses XMRig, open source software for mining Monero, the privacy-focused altcoin. It mines through a mining pool, which reportedly prevented the researchers from tracing any of the transactions.
When a user downloads the desired software, LoudMiner is installed first and hides itself; it only becomes noticeable after a reboot, when the Linux virtual machine is launched and mining begins.
ESET said the miner targets audio production applications, which mostly run on computers with high processing power, so the high CPU consumption caused by the mining does not arouse the users' suspicion.
In addition, the fraudsters take advantage of the fact that such applications are complex and enormous, which makes it easy to hide the virtual machine images among their files. The researchers added:
“The decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see.”
So far, ESET has discovered three strains of the miner targeting macOS systems and just one for Windows.
To identify a particular mining session, the researchers said, an 'idgenerator' script creates a file containing the machine's IP address and the day's date, and its output is sent to the C2 server by the 'updater.sh' script.
Quit Downloading Pirated Commercial Software
To avoid the threat, age-old advice applies: Don’t download pirated copies of commercial software.
Nonetheless, the ESET researchers, Malik among them, also offered some hints for spotting when an application contains unwanted code. Red flags include: a trust popup from an unexpected, 'additional' installer; high CPU consumption by a process one did not install (QEMU or VirtualBox in this case); a new service added to the startup services list; and network connections to curious domain names (such as system-update[.]info or system-check[.]services).
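The three machine-checkable red flags above (a VM process burning CPU, a startup item that is not in a known-good baseline, and a connection to one of the C2-looking domain names) can be turned into a small host triage script. The following is an added example, not ESET's code or anything from the report; it runs over constructed `ps aux` and `lsof -i` style lines embedded in the block, the 50% CPU threshold and the launchd label names are assumptions for illustration, and on a real machine you would feed it the live output of those commands instead.

```python
"""Triage script for the LoudMiner red flags: VM process CPU, new startup items,
suspicious domains. Added example with constructed sample data, not ESET's code."""
import re
from typing import List, Optional, Tuple

# Binaries of the virtualisation software LoudMiner bundles (QEMU on macOS,
# VirtualBox on Windows), matched case-insensitively against the command line.
VM_PROCESS_MARKERS = ("qemu-system", "vboxheadless", "virtualbox", "vboxsvc")
CPU_THRESHOLD = 50.0  # percent of one core; assumed triage threshold, not from ESET

# The C2-looking domain names quoted in the article, matched on the leading label.
SUSPICIOUS_DOMAIN_RE = re.compile(r"^(system-update|system-check)\.", re.IGNORECASE)

# "src:port->dst:port" as printed by lsof -i for an established TCP connection.
CONN_RE = re.compile(r"->([^:\s]+):(\d+)")

Finding = Tuple[str, str]  # (category, detail)


def parse_ps_line(line: str) -> Optional[dict]:
    """Parse one 'ps aux' row; returns None for the header or malformed rows."""
    parts = line.split(None, 10)  # COMMAND may contain spaces, so split at most 10 times
    if len(parts) < 11:
        return None
    try:
        return {"user": parts[0], "pid": int(parts[1]),
                "cpu": float(parts[2]), "command": parts[10]}
    except ValueError:
        return None  # header row ("USER PID %CPU ...") or garbage


def check_processes(ps_lines: List[str]) -> List[Finding]:
    """Red flag: a QEMU/VirtualBox process consuming a lot of CPU."""
    findings = []
    for line in ps_lines:
        row = parse_ps_line(line)
        if row is None:
            continue
        cmd = str(row["command"]).lower()
        if any(m in cmd for m in VM_PROCESS_MARKERS) and row["cpu"] >= CPU_THRESHOLD:
            findings.append(("vm_cpu", f"pid {row['pid']} at {row['cpu']}% CPU: {row['command']}"))
    return findings


def check_startup_items(current: List[str], baseline: List[str]) -> List[Finding]:
    """Red flag: a launch daemon/agent (or Windows service) label absent from a known-good baseline."""
    return [("new_startup_item", label) for label in sorted(set(current) - set(baseline))]


def check_connections(lsof_lines: List[str]) -> List[Finding]:
    """Red flag: an established connection to one of the suspicious domain names."""
    findings = []
    for line in lsof_lines:
        m = CONN_RE.search(line)
        if m and SUSPICIOUS_DOMAIN_RE.match(m.group(1)):
            proc, pid = line.split()[0], line.split()[1]
            findings.append(("suspicious_connection", f"{proc} pid {pid} -> {m.group(1)}:{m.group(2)}"))
    return findings


def triage(ps_lines, current_items, baseline_items, lsof_lines) -> List[Finding]:
    """Run all three checks and return the combined findings, in check order."""
    return (check_processes(ps_lines)
            + check_startup_items(current_items, baseline_items)
            + check_connections(lsof_lines))


# ---- constructed sample data (not captured from a real infection) ----
SAMPLE_PS = """USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
alice 412 2.1 1.0 100000 200000 ?? S 9:00AM 0:01.00 /Applications/Ableton Live 10.app/Contents/MacOS/Live
alice 517 98.3 12.4 900000 800000 ?? R 9:00AM 5:21.00 /Library/Audio/Plug-Ins/qemu-system-x86_64 -m 1024 -hda vm.img
alice 533 0.3 0.1 50000 30000 ?? S 9:01AM 0:00.10 /usr/bin/ssh example.org""".splitlines()

# Hypothetical launchd labels: the baseline is what the machine had before the install.
SAMPLE_BASELINE = ["com.apple.example.agent", "com.vendor.license-helper"]
SAMPLE_CURRENT = SAMPLE_BASELINE + ["com.example.sysupdate"]

SAMPLE_LSOF = """COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
qemu-syst 517 alice 12u IPv4 0x1a2b 0t0 TCP 192.168.1.20:50123->system-update.info:443 (ESTABLISHED)
Live 412 alice 9u IPv4 0x1a2c 0t0 TCP 192.168.1.20:50124->updates.example.com:443 (ESTABLISHED)""".splitlines()


def run_sample() -> List[Finding]:
    """Triage the constructed samples; a clean host returns an empty list."""
    return triage(SAMPLE_PS, SAMPLE_CURRENT, SAMPLE_BASELINE, SAMPLE_LSOF)


if __name__ == "__main__":
    for category, detail in run_sample():
        print(f"[{category}] {detail}")
```

The domain check is deliberately anchored on the leading label so that an ordinary `updates.example.com` session does not trip it; on a real host you would replace the constructed lists with `ps aux`, `launchctl list` (or `Get-Service` on Windows) and `lsof -i` output, and treat any `vm_cpu` hit on a machine where you never installed QEMU or VirtualBox as the strongest of the three signals.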