Hackers hide cryptomining malware in Windows installer files

Cryptojacking schemes are getting more sophisticated by the day. Attackers are now hiding cryptocurrency-mining malware inside what appear to be legitimate Windows installer packages.

The researchers say the malware, detected generically as a coinminer, was built specifically to fly under the radar. What makes the attack hard to spot is that it layers several obfuscation techniques on top of one another.

The discovery comes from security company Trend Micro, which has since documented the attack vector in detail.

"The malicious software arrives on the victim's machine as an MSI Windows Installer file, which is remarkable because Windows Installer is a legitimate application used to install software," reads the report. "Using a real-world Windows component gives it a less suspicious appearance and potentially allows it to bypass some security filters."

The trickery does not stop there. The researchers note that once installed, the malware's directory contains several files that serve as decoys. Among them is a script that kills every anti-malware process running on the machine, alongside the cryptocurrency-mining module itself.

The researchers also observed that the malware has a built-in self-destruct mechanism to cover its tracks. "To make detection and analysis even more difficult, the malware also has a self-destruct mechanism," the report says. "It deletes all the files from its installation directory and removes all traces of installation in the system."
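The behaviour described in the two paragraphs above (an MSI install that spawns a script to kill anti-malware processes, then deletes its own files) is exactly the kind of chain an endpoint detection rule can correlate. The following is an added example, not code from Trend Micro or from the article: it runs a simple correlation over constructed process-creation and file-deletion records shaped loosely like Sysmon EventID 1 and EventID 23. The process names, paths and anti-malware executable list are assumptions for illustration only.

```python
"""Correlate an MSI-rooted process tree with anti-malware kills and self-deletion.

Added example. Event shape, file paths, process names and the AV process
list below are all assumed for illustration; they are not from the report.
"""
import ntpath
from collections import defaultdict

# Assumed names of anti-malware processes a kill script might target.
AV_PROCESSES = {"msmpeng.exe", "mbamservice.exe", "avp.exe", "ekrn.exe"}
SYSTEM_DIR = "c:\\windows\\"

# Constructed sample telemetry (not real logs). id 1 = process create,
# id 23 = file delete, modelled loosely on Sysmon event IDs.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 100, "ppid": 1, "image": "C:\\Windows\\explorer.exe", "cmd": "explorer.exe"},
    {"id": 1, "pid": 200, "ppid": 100, "image": "C:\\Windows\\System32\\msiexec.exe",
     "cmd": "msiexec.exe /i C:\\Users\\u\\Downloads\\setup.msi /qn"},
    {"id": 1, "pid": 300, "ppid": 200, "image": "C:\\Windows\\System32\\cmd.exe",
     "cmd": "cmd.exe /c C:\\ProgramData\\Updater\\kill.bat"},
    {"id": 1, "pid": 400, "ppid": 300, "image": "C:\\Windows\\System32\\taskkill.exe",
     "cmd": "taskkill /F /IM MsMpEng.exe /IM avp.exe"},
    {"id": 1, "pid": 500, "ppid": 200, "image": "C:\\ProgramData\\Updater\\miner.exe",
     "cmd": "miner.exe"},
    {"id": 23, "pid": 300, "target": "C:\\ProgramData\\Updater\\kill.bat"},
    {"id": 23, "pid": 300, "target": "C:\\ProgramData\\Updater\\miner.exe"},
    # A benign installer run by the user directly: must not be flagged.
    {"id": 1, "pid": 600, "ppid": 100, "image": "C:\\Program Files\\Foo\\setup.exe", "cmd": "setup.exe"},
]


def _basename(path):
    return ntpath.basename(path).lower()


def _dirname(path):
    return ntpath.dirname(path).lower()


def detect(events):
    """Return {msiexec_pid: findings} for installs that kill AV or delete their own files."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    parent = {e["pid"]: e["ppid"] for e in events if e["id"] == 1}

    def installer_of(pid):
        # Walk up the parent chain to the nearest msiexec.exe (may be pid itself).
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            if _basename(procs[pid]["image"]) == "msiexec.exe":
                return pid
            pid = parent[pid]
        return None

    findings = defaultdict(lambda: {"av_kill": [], "self_delete": [], "install_dirs": set()})

    # Pass 1: processes descending from an MSI install. Record the directories
    # they run from (outside the Windows directory) as candidate install dirs,
    # and flag taskkill invocations that name anti-malware processes.
    for e in events:
        if e["id"] != 1:
            continue
        inst = installer_of(e["pid"])
        if inst is None or inst == e["pid"]:
            continue
        f = findings[inst]
        image = e["image"].lower()
        if not image.startswith(SYSTEM_DIR):
            f["install_dirs"].add(_dirname(image))
        cmd = e["cmd"].lower()
        if _basename(image) == "taskkill.exe" and any(av in cmd for av in AV_PROCESSES):
            f["av_kill"].append(e["pid"])

    # Pass 2: deletions by MSI descendants of files inside those install dirs
    # are the self-destruct behaviour described in the report.
    for e in events:
        if e["id"] != 23:
            continue
        inst = installer_of(e["pid"])
        if inst is None:
            continue
        f = findings[inst]
        if _dirname(e["target"]) in f["install_dirs"]:
            f["self_delete"].append(e["target"])

    return {
        pid: {"av_kill": f["av_kill"], "self_delete": f["self_delete"],
              "install_dirs": sorted(f["install_dirs"])}
        for pid, f in findings.items() if f["av_kill"] or f["self_delete"]
    }


if __name__ == "__main__":
    for pid, f in detect(SAMPLE_EVENTS).items():
        print(f"msiexec pid {pid}: AV kills {f['av_kill']}, self-deleted {f['self_delete']}")
```

The two signals are deliberately tied to the msiexec.exe ancestry rather than to the miner itself, so the rule still fires if the mining module is renamed or packed; a user-launched setup.exe that never kills security software or deletes its own payload produces no finding.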

Although Trend Micro has not been able to attribute the attack to a specific country, the installer uses Cyrillic text. To be fair, Cyrillic turns up frequently in cryptocurrency-focused crimeware.

The cryptocurrency-mining malware epidemic

In early 2018, security experts warned that cryptojacking scripts would proliferate in all sorts of unexpected places.

Indeed, this year we have seen attackers deliver cryptomining malware via bogus Adobe Flash updates, compromised routers, and thousands of commercial and government websites.

In the latest high-profile cryptojacking case, a week ago a Canadian university was forced to take its entire network offline temporarily after discovering that attackers were stealing computing power to secretly mine Bitcoin.

Given the scale of malicious cryptocurrency mining, it is hardly surprising that reports suggest cryptojackers bring in more than $250,000 a month.

Posted on November 8, 2018 – 15:20 UTC