Malicious Mining Software

Mining Cryptocurrency

There is new malware that makes your machine mine bitcoin. Two months ago, Kaspersky Lab discovered a computer program that forces computers and phones to mine Zcash.

What is Zcash?
Zcash is like bitcoin, but is considered to be a more private type of cryptocurrency. Unlike bitcoin, the person who sends the coin and the person who receives it are kept completely anonymous.

What is Mining?

Fiat currency comes from the government. The Federal Reserve in DC prints US dollars, and the European bank in Brussels prints Euros. Cryptocurrency, on the other hand, does not come from a government, but rather from a distributed algorithm. Computers validate these crypto-transactions by running hashing algorithms.

Mining Malware

Mining malware is not a new phenomenon and was originally a problem associated with bitcoin. Bitcoin nowadays requires so much processing power that it is not worth targeting personal computers. The more recent viruses are now secretly mining Zcash. Zcash is a relatively new cryptocurrency that was released in October 2016. When Zcash was released, one coin was worth $30,000. The value has since dropped, but it is still considered a financially attractive coin to mine.

Another reason why Zcash is such a target is that, unlike bitcoin, Zcash transactions are mostly secret. The sender and recipient information is obscured. The only thing that is visible is a ledger of encrypted metadata. These properties make Zcash an ideal currency for the black market.

Infected Machine

The most common way to get this virus is through pirated software, where the user is unaware that they are downloading a mining botnet. Since the software is not a virus, it can often go undetected by conventional antivirus programs, but honestly, who uses those anymore?

One sign that your computer has been infected is if your machine is running unusually slow. The laggard performance is attributed to the fact that mining uses a ton of RAM! Also, mining requires a lot of electricity. An unexplained, drastic spike in the electricity bill can be a sign that you are running a silent mining botnet.

Mining Malware in the Wild

Here is a list of real names of mining bots and where they can be found.

diskmngr.exe
mssys.exe
C:\system\taskmngr.exe
system.exe
nsdiag.exe
taskmngr.exe
svchost.exe
C:\Users\[username]\AppData\Roaming\MetaData\mdls\windlw\mDir_r\rhost.exe
qzwzfx.exe
C:\Users\[username]\AppData\Local\Temp\afolder\mscor.exe
C:\Program Files\Common Files\nheqminer64.exe
C:\Windows\Logs\Logsfiles64\conhost.exe
apupd.exe

If you want more details about these malicious programs, check out SecureList’s blog post about mining malware.
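An added example, not part of the original post or of SecureList's write-up: one way to check a process listing against the list above. It assumes the genuine Windows svchost.exe runs from C:\Windows\System32, so that name is only reported when it runs from somewhere else; the function names and the sample process list are constructed for illustration.

```python
import ntpath
import re

# File names and paths copied from the list on this page.
LISTED = r"""diskmngr.exe
mssys.exe
C:\system\taskmngr.exe
system.exe
nsdiag.exe
taskmngr.exe
svchost.exe
C:\Users\[username]\AppData\Roaming\MetaData\mdls\windlw\mDir_r\rhost.exe
qzwzfx.exe
C:\Users\[username]\AppData\Local\Temp\afolder\mscor.exe
C:\Program Files\Common Files\nheqminer64.exe
C:\Windows\Logs\Logsfiles64\conhost.exe
apupd.exe""".splitlines()

# Assumption (not from the page): the genuine Windows svchost.exe runs from
# C:\Windows\System32, so a bare-name hit in that folder is expected.
WINDOWS_NAMES = {"svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

def path_rule(entry):
    # Literal, case-insensitive match; "[username]" stands for any one folder name.
    pattern = re.escape(entry).replace(re.escape("[username]"), r"[^\\]+")
    return re.compile(pattern, re.IGNORECASE)
PATH_RULES = [path_rule(e) for e in LISTED if "\\" in e]
NAME_RULES = {e.lower() for e in LISTED if "\\" not in e}

def classify(image_path):
    """Return 'path-match', 'name-match' or None for one process image path."""
    if any(rule.fullmatch(image_path) for rule in PATH_RULES):
        return "path-match"
    folder, name = ntpath.split(image_path.lower())
    if name in NAME_RULES and not (name in WINDOWS_NAMES and folder == SYSTEM32):
        return "name-match"  # listed name outside its expected Windows location
    return None

# Constructed sample of (pid, image path) pairs from a process listing.
SAMPLE = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (4380, r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (5120, r"C:\Users\alice\AppData\Local\Temp\afolder\mscor.exe"),
]

def triage(processes):
    hits = [(pid, path, classify(path)) for pid, path in processes]
    return [h for h in hits if h[2]]
```

A path-match is the stronger signal; a name-match only says a listed name is running and still needs the file itself checked.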

 

 
