An unusual cryptocurrency mining tool, LoudMiner, was discovered by ESET researchers. LoudMiner uses virtualization software, specifically QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows, to mine cryptocurrency in a virtual Tiny Core Linux operating system.
LoudMiner is distributed via pirated copies of a software plugin for audio applications called VST (Virtual Studio Technology). LoudMiner then mines cryptocurrency on the compromised devices and uses SCP (Secure File Copy) with an embedded username and SSH private key so that it can update itself.
“LoudMiner targets audio applications, given that the devices running these applications often have greater processing power,” said Marc-Etienne M. Léveillé, Senior Malware Researcher at ESET. “These are usually complex applications with high CPU consumption, so users do not find this activity unusual. It is interesting and unprecedented that virtual machines are used instead of another, simpler solution,” Léveillé added.
According to ESET research, LoudMiner has been active since August 2018.
ESET emphasizes that, to stay safe, users should avoid downloading pirated copies of software. It also advises them to be wary of pop-up "additional" installers that appear unexpectedly, and to watch for any higher CPU consumption, as well as new services and connections from strange domain names.
More details can be found in the report "LoudMiner: Cross-platform mining in cracked VST software" at WeLiveSecurity.com.