Cryptojacking malware secretly mined Monero and crashed computers


In these modern times when everyone and everything is connected to the internet, not many people are really aware of the dangers that are crawling in every corner of the internet.

With the convenience of an internet connection almost everywhere a wifi network can reach, we are exposing ourselves into the hands of hackers that will try to use every possibility to steal our personal information or use our smart devices for their own needs.

Such an event had just taken place when a new piece of the famous cryptojacking malware had infected and used without the users consent a half a million computers in order to mine 133 Monero coins with a worth of 25 thousand dollars in a matter of three days.

This malware named “WinstarNssmMiner” has been discovered by the security researchers of 360 Total Security. It had been spreading through emails and compromised webpages. After a unfortunate download of this malware, it launches a script called “svchost.exe” that is used as a management tool for the basic functions of a operating system on the computer. Next, the malware injects the script with with malicious code that is making the other apps in the background run normally as nothing happened in order to avoid detection.


Now there is an even bigger problem. Once this cryptominer malware manages to complete the previous steps of infecting a computer, then it changes the PC’s “Critical Process” function. This means whenever it scans the infected computer for antivirus programs and finds any of the well known computer security applications like Kaspersky Labs, Avast and others, it will automatically crash the computer system. On the other hand if a weaker or not so well known antivirus programs are discovered, then the users are faced with crippling processor speeds and blue screens, giving the malware all of the processing power of the infected computer on its disposal.

A statement for this latest event has been issued by 360 Total Security saying that they were “surprised” of the capabilities of this malware because not only it was able to mine Monero but it could also crash the user’s computer if it detects a presence of certain antivirus applications:

“This malware is very hard to remove since victims computers crash as soon as they found and terminate the malware.”

Events like these have risen dramatically this year. A warning from Microsoft had highlighted 664 thousand infected devices in a period from September 2017 to January 2018.

As the info suggests there have been in total four mining pools so far that were discovered having a link with this newest attack. The malware is based on XMRig, an open-source crypto mining project. The script that have been used however, has been hijacked by malware developers for specific purposes of fraudulent mining.

An IBM research has found the connection between XMRig and the crypto mining malware RubyMiner and Waterminer.

The number of companies that had experienced cryptojacking in their cloud environments has risen to 25 percent just this year alone.