
Malware Installs XMRig Crypto-Mining Tool on Millions of PCs

Friday, January 26th, 2018 | bitcoin updates

          
    
    
                
            
Covert crypto-mining in the browser has recently been joined by a new scam: criminals are smuggling open-source mining tools onto other people's PCs in order to profit from their computing power on a lasting basis. Millions of users are said to be affected.
            

        

A current malware campaign is abusing the open-source crypto-mining tool XMRig to mine the cryptocurrency Monero on other people's machines. Palo Alto Networks security researchers have been monitoring the spread of the malicious code, which targets Windows systems, for over four months. According to their analyses, at least 15 million computers worldwide are said to be infected with the mining malware; more than 6.5 million of them are in Thailand, Vietnam and Egypt.
Unlike previous cryptomining campaigns that rely on JavaScript code in the browser, in this case the malicious code installs itself permanently on the computers, so the mining is no longer limited to the time spent browsing the Internet. The malware uses two Visual Basic Scripts (VBS) that first determine whether the target computer runs a 32-bit or 64-bit version of Windows. They then download the matching XMRig version from the Internet, launch it and begin mining covertly. The proceeds flow into the digital wallets of the malware's authors.
Software downloads as a pretext

The malware is distributed via URLs that are shortened using URL shorteners such as bit.ly and adf.ly. They often point to files with names such as [File4org]_421064.exe, [Dropmefiles]_420549.exe or [RapidFiles]_48905.exe. These names are apparently meant to give the impression that the files come from well-known file-sharing services; in fact, according to the researchers, more than half of the samples they discovered were hosted at cloud storage provider 4Sync.

  

          
Figure: The filenames often include the names of popular file hosters. (Photo: Palo Alto)

        
Among other things, Palo Alto's research into the file names turned up a German-language forum post. Its author apparently assumed that one of the prepared adf.ly links led to an update of a cheat tool for "Counter-Strike: Global Offensive". This indicates, on the one hand, that the malware is disguised and distributed as software downloads and, on the other hand, that users from Germany are also among the victims of the new mining scam.
The researchers informed the URL-shortening service bit.ly about the malware links, and the service promptly deleted them. This, of course, does not eliminate the danger posed by the malicious code, especially as the criminals can fall back on numerous alternatives such as adf.ly, TinyURL or goo.gl.
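For defenders, the two traits described above (lure files named after file hosters, and VBS scripts that start the downloaded miner) can be turned into a simple triage over process-creation logs. The following is an added example, not code from the article or from Palo Alto Networks; the event fields, host names, paths and finding labels are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Lure names in the article look like "[File4org]_421064.exe": a bracketed
# file-hoster label, an underscore, digits, ".exe". Optional whitespace before
# the underscore is tolerated (an assumption, to survive copy/paste damage).
LURE_RE = re.compile(r"^\[[A-Za-z0-9]+\]\s*_\d+\.exe$", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host runs .vbs


def basename(path):
    """Last path component, for both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def is_lure_name(path):
    return bool(LURE_RE.match(basename(path)))


def triage(events):
    """Flag hosts where a lure-named binary ran and a script host later
    started an executable. Events must be supplied in time order."""
    lure_hosts, findings = set(), defaultdict(list)
    for ev in events:
        host, image = ev["host"], ev["image"]
        parent = basename(ev["parent"]).lower()
        if is_lure_name(image):
            lure_hosts.add(host)
            findings[host].append(("lure-executed", image))
        elif (host in lure_hosts and parent in SCRIPT_HOSTS
              and image.lower().endswith(".exe")):
            findings[host].append(("script-host-child-after-lure", image))
    return dict(findings)


# Constructed process-creation events (hypothetical hosts and paths).
SAMPLE = [
    {"host": "PC-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\a\Downloads\[File4org]_421064.exe"},
    {"host": "PC-01", "parent": r"C:\Users\a\Downloads\[File4org]_421064.exe",
     "image": r"C:\Windows\System32\wscript.exe"},
    {"host": "PC-01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Users\a\AppData\Roaming\constructed-payload.exe"},
    {"host": "PC-02", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\cmd.exe"},  # benign script, no lure seen
    {"host": "PC-03", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\c\Downloads\setup_421064.exe"},  # no hoster label
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits)
```

The name pattern alone is cheap to evade, so a hit is a lead for investigation rather than a verdict; correlating it with script-host child processes on the same machine keeps ordinary logon scripts from raising alerts.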

(Ovw)

      
