ESET researchers have discovered LoudMiner, an unusual cryptocurrency-mining tool. LoudMiner uses virtualization software, specifically QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows, to mine cryptocurrency inside a Tiny Core Linux virtual machine.
LoudMiner is distributed through pirated copies of software plugins for audio applications known as VST (Virtual Studio Technology). Once installed, it mines cryptocurrency on the compromised device and uses SCP (Secure File Copy) with an embedded username and SSH private key to update itself.
"LoudMiner targets audio applications, as devices running these applications often have the potential for greater processing power," said Marc-Etienne M. Léveillé, Senior Malware Researcher at ESET. "These are usually complex applications with high CPU consumption, so that users do not find this activity unusual. It is interesting and unprecedented that virtual machines are used instead of another, simpler solution," added Léveillé.
According to ESET research, LoudMiner has been active since August 2018.
ESET emphasizes that, to stay safe, users should avoid downloading pirated copies of software. It also advises them to be wary of pop-up "additional" installers that appear unexpectedly, and to watch for higher CPU consumption, new services, and connections involving strange domain names.
More details can be found in the report "LoudMiner: Cross-platform mining in cracked VST software" at WeLiveSecurity.com.