New Crypto Mining Malware Seen to ‘Evolve,’ Say Researchers
Check Point Software Technologies, an Israel-based cyber security company, says that a relatively new strain of crypto-mining malware, KingMiner, is "evolving."
In a research note last Thursday, Ido Solomon and Adi Ikan pointed out that KingMiner, a Monero-mining malware that first appeared about six months ago, is changing over time to avoid detection.
The researchers said:
"Malware continues to add new features and bypass methods to avoid emulation, creating critical dependencies while manipulating and emulating the files that are most needed."
As a result of these tactics, the malware is being detected by security systems at a "fairly" reduced rate.
The malware usually targets Microsoft servers (mainly IIS/SQL) and is configured to use 75% of the victim machine's CPU capacity for mining, but in practice it uses 100%.
To keep its activity concealed, KingMiner uses a dedicated mining pool whose API is switched off.
"We have not yet decided which domain is used, but we can see that the attack is now spreading to Mexico, India, Norway and Israel," the researchers said.
Continuous changes can make the malware more successful, and these evasion techniques will continue to evolve in 2019 and are expected to become more common in crypto-mining malware variants.