Η mining cryptocurrency mining is the new trend in cybercrime, and WinstarNssmMiner is yet another example of a coinminer targeting Windows systems in an attempt to mine Monero.
Malware was recently detected by the security company 360 Total Security, and as researchers point out, it lists more than 500.000 victims in just three days.
The highly aggressive coinminer is spread through specially designed campaigns and uses όλους τους πconditions of Windows systems for Monero mining. It even uses several protection techniques to bypass antivirus solutions and to ensure that the processes it launches are not obstructed.
Specifically, once it enters a system, WinstarNssmMiner monitors the activity of installed antivirus protection software, and in the event that a virus scan is performed it temporarily suspends its malicious activity.
When it considers it safe, malware creates two different system processes called svchost.exe (svchost.exe or Service Host is a standard Windows process), in an effort to not be understood. One process starts crypto mining, while the other monitors antivirus solutions by interrupting any activity when performing a virus scan.
WinstarNssmMiner has another surprise in store for Windows users, as if its action is discovered and svchost.exe termination is attempted, the malware crashes Windows, leading to a BSOD. This is because the malicious program ορίζει το svchost.exe ως CriticalProcess, με αποτέλεσμα τα Windows να τερματίζουν τον υπολογιστή κατά τον τερματισμό της κακόβουλης διεργασίας.
According to researchers, malware is now spreading to more systems around the world, and the easiest way to keep it safe is to use up-to-date antivirus solutions but also specialized web mining protection applications.
___________________________
- AVCrypt the ransomware that before hitting deletes the antivirus
- RedDrop malware: Caution inflating accounts and circulating
- Windows Log Files: Find and Read Log Files