Malware Disguised as Trend Micro Product Spreads Bitcoin Miner

These types of threats help cybercriminals make a decent profit

Cybercriminals often disguise their malware as security applications. In a recent campaign, they disguised a piece of malware called TROJ_RIMECUD.AJL as a Trend Micro product in order to convince users to execute it.

The initial file, olibo.exe, is described as a “Trend Micro AntiVirus Plus AntiSpyware” application. Once it’s launched, it injects its malicious code into the svchost.exe process and downloads a component package.

This package contains a Bitcoin miner – identified as HKTL_BITCOINMINE – apparently developed by Ufasoft.

Computers infected with such malware are turned into Bitcoin miners that help cybercriminals generate a profit.

These types of threats eat up a lot of system resources, so users who notice a sudden slowdown of their systems are advised to check for any suspicious application that might be running in the background.
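
The check suggested above can be scripted. The following is an added example, not part of the original article: it triages process samples for the two behaviours described here, a file that calls itself a Trend Micro product but runs from outside the vendor's install directory, and a svchost.exe instance that keeps the CPU busy. The sample records, the user path, the field layout, the thresholds and the expected install directories are assumptions made for the illustration.

```python
from collections import defaultdict
from ntpath import basename

# Assumption: directories where a genuine Trend Micro install is expected.
VENDOR_DIRS = (r"c:\program files\trend micro",
               r"c:\program files (x86)\trend micro")

SVC = r"C:\Windows\System32\svchost.exe"
HOST = "Host Process for Windows Services"

# Constructed samples, not real telemetry:
# (sample time, pid, image path, file description, CPU %)
SAMPLES = [
    (0, 812, SVC, HOST, 2),
    (0, 1440, SVC, HOST, 91),
    (0, 3020, r"C:\Users\alice\Downloads\olibo.exe",
     "Trend Micro AntiVirus Plus AntiSpyware", 1),
    (1, 812, SVC, HOST, 4),
    (1, 1440, SVC, HOST, 95),
    (2, 812, SVC, HOST, 3),
    (2, 1440, SVC, HOST, 93),
]


def triage(samples, cpu_threshold=80, min_run=3):
    """Return sorted (pid, reason) leads for the behaviours in the article."""
    findings = set()
    run = defaultdict(int)  # pid -> consecutive samples at or above threshold
    for _t, pid, image, desc, cpu in sorted(samples):
        path = image.lower()
        # Description claims the vendor, but the file is not where the
        # vendor's software is installed.
        if "trend micro" in desc.lower() and not path.startswith(VENDOR_DIRS):
            findings.add((pid, "claims Trend Micro, runs from " + image))
        # The miner runs inside svchost.exe, so look for an instance that
        # stays busy across several samples rather than a single spike.
        if basename(path) == "svchost.exe":
            run[pid] = run[pid] + 1 if cpu >= cpu_threshold else 0
            if run[pid] >= min_run:
                findings.add((pid, "svchost.exe sustained high CPU"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, reason in triage(SAMPLES):
        print(pid, reason)
```

Both results are leads for a closer look rather than verdicts: svchost.exe can also be busy for legitimate reasons such as Windows Update.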
