ESET researchers have discovered an unusual cryptocurrency miner, LoudMiner. LoudMiner uses virtualization software, namely QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows, to mine cryptocurrency on a Tiny Core Linux virtual machine.
LoudMiner is distributed through pirated copies of plugin software for audio applications known as VST (Virtual Studio Technology). LoudMiner then mines cryptocurrency on the compromised devices and uses SCP (Secure File Copy) with an embedded username and SSH private key so that it can update itself.
"LoudMiner targets audio applications, as devices running these applications often have possibilities for more processing power," said Marc-Etienne M. Léveillé, Senior Malware Researcher at ESET. “These are usually complex applications with high CPU consumption, so users do not find this activity unusual. It is interesting and unprecedented that virtual machines are used instead of another, simpler solution,” Léveillé added.
According to ESET research, LoudMiner has been active since August 2018.
ESET emphasizes that, to stay safe, users should avoid downloading pirated copies of software. It also advises them to be wary of "additional" installer pop-ups that appear unexpectedly, and to watch for higher CPU consumption, new services, and connections to strange domain names.
More details can be found in the report "LoudMiner: Cross-platform mining in cracked VST software" at WeLiveSecurity.com.