Malware Disguised as Trend Micro Product Spreads Bitcoin Miner

These types of threats help cybercriminals make a decent profit

December 8th, 2012 10:40 GMT

Cybercriminals often disguise their malicious files to make them look like security applications. In a recent campaign, they disguised a piece of malware called TROJ_RIMECUD.AJL as a Trend Micro product in order to convince users to execute it.

The initial file, olibo.exe, is described as a “Trend Micro AntiVirus Plus AntiSpyware” application. Once it’s launched, it injects its malicious code into the svchost.exe process and downloads a component package.

This package contains a Bitcoin miner – identified as HKTL_BITCOINMINE – apparently developed by Ufasoft.

Computers infected with such malware are turned into Bitcoin miners that help cybercriminals generate a profit.

These types of threats eat up a lot of system resources, so users who notice a sudden slowdown of their systems are advised to check for any suspicious application that might be running in the background.
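The background check suggested above can be scripted. The PowerShell below is an added example, not code from the article or from Trend Micro: it lists processes that consumed a large share of CPU over a short window (a miner running inside svchost.exe is attributed to that process) and running executables whose file description claims a vendor that the Authenticode signature does not confirm. The parameter names, default values and the 25% cut-off are assumptions.

```powershell
# Added example, not from the article. $Vendor, $SampleSeconds and $CpuThreshold
# are assumed values chosen for illustration.
param(
    [string]$Vendor = 'Trend Micro',
    [int]$SampleSeconds = 5,
    [double]$CpuThreshold = 25   # percent of total CPU, assumed cut-off
)

# 1) CPU use over a sampling window. Get-Process reports cumulative CPU
#    seconds, so two samples are needed to see current load.
$before = @{}
Get-Process | ForEach-Object { if ($null -ne $_.CPU) { $before[$_.Id] = $_.CPU } }
$timer = [System.Diagnostics.Stopwatch]::StartNew()
Start-Sleep -Seconds $SampleSeconds
$elapsed = $timer.Elapsed.TotalSeconds
$cores = [Environment]::ProcessorCount

Get-Process | Where-Object { $null -ne $_.CPU -and $before.ContainsKey($_.Id) } |
    ForEach-Object {
        $pct = 100 * ($_.CPU - $before[$_.Id]) / ($elapsed * $cores)
        if ($pct -ge $CpuThreshold) {
            [pscustomobject]@{
                Finding = 'Sustained CPU use'
                Target  = "$($_.Name) (PID $($_.Id))"
                Detail  = "{0:N1}% of total CPU" -f $pct
            }
        }
    }

# 2) Running executables whose version info names the vendor while the
#    Authenticode signature is not valid or belongs to a different signer.
$pattern = [regex]::Escape($Vendor)
Get-Process | Where-Object { $_.Path } | Select-Object -ExpandProperty Path -Unique |
    ForEach-Object {
        $path = $_
        $info = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo
        $claim = "$($info.FileDescription) $($info.CompanyName) $($info.ProductName)"
        if ($claim -match $pattern) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            if ($sig.Status -ne 'Valid' -or $signer -notmatch $pattern) {
                [pscustomobject]@{
                    Finding = 'Vendor claim not backed by signature'
                    Target  = $path
                    Detail  = "'$($info.FileDescription)'; signature $($sig.Status); signer '$signer'"
                }
            }
        }
    }
```

Run it from an elevated prompt so that process paths and CPU counters are readable for services, and pipe the output to `Format-List` to see the full detail text.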


Malware disguised as Trend Micro product