Cybercriminals often disguise their malware to make it look like a security application. In a recent campaign, they have disguised a piece of malware called TROJ_RIMECUD.AJL as a Trend Micro product in order to convince users to execute it.
The initial file, olibo.exe, is described as a “Trend Micro AntiVirus Plus AntiSpyware” application. Once it’s launched, it injects its malicious code into the svchost.exe process and downloads a component package.
This package contains a Bitcoin miner – identified as HKTL_BITCOINMINE – apparently developed by Ufasoft.
Computers infected with such malware are turned into Bitcoin miners that help cybercriminals generate a profit.
These types of threats eat up a lot of system resources, so users who notice a sudden slowdown of their systems are advised to check for any suspicious application that might be running in the background.
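One way to run that check on a Windows machine, as an added example that is not part of the original article: it lists running processes whose version information claims to be a Trend Micro product but whose file is not validly signed by that vendor, then shows the heaviest CPU consumers. It assumes genuine vendor binaries carry a valid Authenticode signature whose certificate subject contains the vendor name.

```powershell
# Added example (not from the article). Assumption: a genuine vendor binary has
# a valid Authenticode signature whose certificate subject names the vendor.
$vendor = 'Trend Micro'

$findings = foreach ($p in Get-Process) {
    # Path is empty for processes this session cannot open; skip them.
    if (-not $p.Path) { continue }

    $info = (Get-Item -LiteralPath $p.Path -ErrorAction SilentlyContinue).VersionInfo
    if (-not $info) { continue }

    # The description is free text chosen by whoever built the file.
    $claimsVendor = ($info.FileDescription -like "*$vendor*") -or
                    ($info.CompanyName     -like "*$vendor*") -or
                    ($info.ProductName     -like "*$vendor*")
    if (-not $claimsVendor) { continue }

    $sig     = Get-AuthenticodeSignature -LiteralPath $p.Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signedByVendor = ($sig.Status -eq 'Valid') -and ($subject -like "*$vendor*")

    if (-not $signedByVendor) {
        [pscustomobject]@{
            ProcessId   = $p.Id
            Name        = $p.ProcessName
            Path        = $p.Path
            Description = $info.FileDescription
            SigStatus   = $sig.Status
            Signer      = $subject
            CpuSeconds  = [math]::Round([double]$p.CPU, 1)
        }
    }
}

# Processes that claim the vendor name without the vendor's signature.
$findings | Sort-Object CpuSeconds -Descending | Format-List

# Because the code is injected into svchost.exe, also review the top CPU
# consumers: a system process with sustained heavy CPU use deserves a look.
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 10 Id, ProcessName, CPU, Path
```

Run it from an elevated prompt so that process paths are readable; an empty first result only means no running process made an unsigned claim to the vendor name.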