Η mining cryptocurrency mining is the new trend in cybercrime, and WinstarNssmMiner is yet another example of a coinminer targeting Windows systems in an attempt to mine Monero.
The malicious software recently spotted by company security 360 Total Security, and as researchers point out, it lists more than 500.000 victims in just three days.
The highly aggressive coinminer spreads through specially designed campaigns and uses all the resources of Windows systems to mine Monero. It even uses several techniques protections to bypass antivirus solutions and to ensure that the processes it starts are not obstructed.
Specifically, once it enters a system, WinstarNssmMiner monitors the activity of installed antivirus protection software, and in the event that a virus scan is performed it temporarily suspends its malicious activity.
When it deems it safe, the malware spawns two διαφορετικές διεργασίες συστήματος με την ονομασία svchost.exe ( το svchost.exe ή Service Host είναι μια τυπική διεργασία των Windows), σε μια προσπάθεια να μην γίνει αντιληπτό. Το ένα process ξεκινά διαδικασίες εξόρυξης κρυπτονομισμάτων, ενώ το άλλο παρακολουθεί τις λύσεις antivirus διακόπτοντας κάθε δραστηριότητα όταν εκτελείται κάποιο scan for viruses.
WinstarNssmMiner is another surprise for Windows users, as if malware is discovered and attempted to shut down svchost.exe, malware crashes Windows, leading to BSOD. This is because the malicious program defines svchost.exe as CriticalProcess, causing Windows to shut down the computer when the malicious process is terminated.
According to researchers, malware is now spreading to more systems around the world, and the easiest way to keep it safe is to use up-to-date antivirus solutions but also specialized web mining protection applications.
___________________________
- AVCrypt the ransomware that before hitting deletes the antivirus
- RedDrop malware: Caution inflating accounts and circulating
- Windows Log Files: Find and Read Log Files
