Cryptomining is no longer big news. There are many new GPUs in the market with which one can mine cryptocurrency. But, the minute this process is undertaken illegally, without the PC owner’s knowledge, it turns in to cryptojacking.
Cryptojacking occurs on a victim’s PC through third party channels. They can be government sites or dark web sites. Irrespective of its origins, once the mining JavaScript gets on to one’s PC, it becomes rather difficult to delete them.
Once it starts mining, it eats into your PC’s power. This may not seem like a very big deal, but, when this process is finally noticed by the victim and they want to delete this virus from their PC, it turns malicious and begins deleting the data that is stored in the PC’s drives. This is exactly what is being done by ‘WinstarNssmMiner’. This coin miner has hit 500,000 victims in a matter of days!
‘WinstarNssmMiner’: How It Operates
It first infects the victim’s PC. at this stage it is not detected by the user. Once in the PC’s processor, it scans for Kaspersky and Avast antivirus applications that run on PC. In the off chance, that the user is using either of the 2 famous antiviruses, it abandons the infection process. If it does not detect the two, it launches two svchost.exe processes. One of these processes are meant for mining and the other to override the antivirus. The processes are powerful enough to override majority of the famous Antivirus programs available in the market. It is due to this feature that it manages to avoid detection until it is too late.
Unfortunately for the victim, this malicious coin miner doesn’t just stop at cryptojacking and mining Monero. Once the ‘svchost.exe’ is detected and any attempt for its removal are made, it crashes the victim’s PC.
360 security researchers who first detected the malware, said, “This malware is very hard to remove since victims’ computers crash as soon as [it’s] found. We’re quite surprised to see a cryptominer being so brutal to hijack victims’ computers by adopting techniques of stubborn malware”.
The Consensus: Beware!
It may seem futile trying to remove the malware when it so blatantly damages the data on the PC before crashing it completely and rendering it useless. The key factor to keep in mind is that this malware fears good quality antivirus programs. Hence, one needs to update their computers and load only the best antivirus to protect their data. As cryptocurrency usage becomes more mainstream, it is important that we keep a few things in mind.
- Invest in a good quality antivirus.
- Also, update to the latest version currently loaded on your PC
- Backup your data
- Avoid sites where such dubious scripts can enter your system
- Always avoid clicking on messages or links which come from unknown origins.
- Check each and every new application with the antivirus program before executing it.
Must Read : New Malware On Android That Records Your Calls And Messages
One does not know the end game of this malware. As previously stated, the number of malicious cryptojacking malware are increasing in the market. Surprisingly, WinstarNssmMiner is based on a standard XMR mining rig. It shows its true colors only when it is pitted against antivirus programmers. At the time of publishing, it had already managed to mine 133 coins, worth $26,800.
Leave a Reply