WinstarNssmMiner uses all PC resources to mine for Monero

May 18, 2018 07:57 GMT

Digital coin mining is the new trend in the malware world, and a new super-aggressive infection has recently been spotted by security firm 360 Total Security.

Codenamed WinstarNssmMiner, the malware is specifically designed to use all system resources to mine for Monero, and it uses several protection techniques to bypass antivirus solutions and make sure users don’t close its processes.

First and foremost, when it infects a system, WinstarNssmMiner tries to avoid antivirus detection by not launching its malicious activities when a scan is performed, instead waiting for the right time to begin the next phase of infection.

The malware then creates two different system processes called svchost.exe in an attempt to hide its purpose. One of these two starts the digital mining task, while the other keeps an eye on antivirus solutions to suspend activities when a scan is performed.
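A defender-side triage sketch for the behaviour described above, added here as an example and not taken from 360 Total Security's analysis: it flags svchost.exe entries in a process snapshot that lack the usual traits of a genuine Windows service host (image in System32 or SysWOW64, parent services.exe, a `-k` service group on the command line). The record fields, the 80% CPU cut-off and the sample snapshot are assumptions constructed for illustration.

```python
"""Triage svchost.exe entries in a process snapshot (added example)."""
from pathlib import PureWindowsPath

# Well-known traits of a genuine Windows service host.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TRUSTED_PARENT = "services.exe"
CPU_THRESHOLD = 80.0  # percent; assumed cut-off for a CPU-hungry miner


def svchost_findings(proc):
    """Return the reasons one process record looks like a fake service host."""
    if proc["name"].lower() != "svchost.exe":
        return []
    reasons = []
    image_dir = str(PureWindowsPath(proc["path"]).parent).lower()
    if image_dir not in TRUSTED_DIRS:
        reasons.append("image outside System32")
    if proc["parent"].lower() != TRUSTED_PARENT:
        reasons.append("parent is " + proc["parent"])
    if " -k " not in " " + proc["cmdline"].lower() + " ":
        reasons.append("no -k service group")
    # High CPU alone is common for genuine hosts, so it only adds weight
    # to a process that already shows another anomaly.
    if reasons and proc["cpu"] >= CPU_THRESHOLD:
        reasons.append("sustained CPU %.0f%%" % proc["cpu"])
    return reasons


def triage(snapshot):
    """Map PID -> reasons for every svchost.exe with at least one finding."""
    return {p["pid"]: r for p in snapshot if (r := svchost_findings(p))}


# Constructed sample snapshot; none of these values come from the report.
FIELDS = ("pid", "name", "path", "parent", "cmdline", "cpu")
SYS32 = r"C:\Windows\System32\svchost.exe"
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (812, "svchost.exe", SYS32, "services.exe", SYS32 + " -k netsvcs", 1.5),
    (4312, "svchost.exe", SYS32, "setup.exe", SYS32, 97.0),
    (4320, "svchost.exe", r"C:\Users\Public\svchost.exe", "setup.exe",
     r"C:\Users\Public\svchost.exe", 0.4),
    (2200, "chrome.exe", r"C:\Program Files\chrome.exe", "explorer.exe",
     "chrome.exe", 90.0),
]]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

These checks are heuristics: a hit means the process deserves a closer look, not that it is the miner.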

Crashing Windows systems

The worst thing is that even if users detect the malware, closing the process from Task Manager is not possible because this actually triggers a BSOD, crashing the system and forcing a reboot, only for the malware to restart once again.

“Interestingly, this malware is acting snobbish when facing different antivirus software. It turns off antivirus protection of defenseless foes and backs off when facing sharp swords. As a result, users without a decent antivirus product have to live with the slowness and the blue screens of their computers,” the security firm says.

The malware uses all system resources to mine for Monero, and 360 Total Security says that by the time it was detected, it had generated some $28,000 in the digital coin.

According to the analysis, the malware is now spreading to more systems across the world, and the easiest way to keep the data secure is to bring antivirus solutions fully up-to-date and manually scan new files when downloading. Also, using high-profile antivirus products can help block any possible infection.