Digital currency mining is the new trend in cybercrime, and WinstarNssmMiner is another example of a coinminer targeting Windows systems in a Monero mining effort.
Malware was recently detected by the security company 360 Total Security, and as researchers point out, it lists more than 500.000 victims in just three days.
The highly aggressive coinminer spreads through specially designed campaigns and uses all the resources of Windows systems to mine Monero. It even uses several protection techniques to bypass them solutions antivirus and to ensure that the processes it starts are not obstructed.
Specifically, once it enters a system, WinstarNssmMiner monitors the activity of installed antivirus protection software, and in the event that a virus scan is performed it temporarily suspends its malicious activity.
When it deems it safe, the malware spawns two different system processes named svchost.exe ( svchost.exe or Service Host is a standard Windows process), in an attempt to go unnoticed. One process starts cryptocurrency mining processes, while the other monitors antivirus solutions by stopping all activity when a virus scan is performed.
WinstarNssmMiner has one more surprise in store for them users of Windows, as in case its action is discovered and an attempt is made to terminate svchost.exe, the malware crashes Windows, leading to a BSOD. This is because the malware defines svchost.exe as CriticalProcess, causing Windows to shut down the computer when the malicious process is terminated.
According to researchers, malware is now spreading to more systems around the world, and the easiest way to keep it safe is to use up-to-date antivirus solutions but also specialized web mining protection applications.
___________________________
- AVCrypt the ransomware that before hitting deletes the antivirus
- RedDrop malware: Caution inflating accounts and circulating
- Windows Log Files: Find and Read Log Files