ESET researchers have discovered an unusual cryptocurrency miner, LoudMiner. LoudMiner uses virtualization software, namely QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows, to mine cryptocurrency inside a Tiny Core Linux virtual machine.
LoudMiner is distributed in pirated copies of VST (Virtual Studio Technology) software, plugins for audio applications. Once installed, it mines cryptocurrency on the compromised device and uses SCP (Secure File Copy) with a built-in username and private SSH key to update itself.
"LoudMiner targets audio applications, as devices running these applications often have the potential for greater processing power," said Marc-Etienne M. Léveillé, Senior Malware Researcher at ESET. "These are usually complex applications with high CPU consumption, so that users do not find this activity unusual. It is interesting and unprecedented that virtual machines are used instead of another, simpler solution," added Léveillé.
According to ESET research, LoudMiner has been active since August 2018.
ESET emphasizes that, to stay safe, users should avoid downloading pirated copies of software. It also advises them to be wary of pop-up "additional" installers that appear unexpectedly, and to watch for higher CPU consumption, new services, and connections to strange domain names.
More details can be found in the report "LoudMiner: Cross-platform mining in cracked VST software" on WeLiveSecurity.com.