Malware: Battle of the Crypto Miners by pundito

cryptocurrency · @pundito · Mar 16 '18 (edited)

$5.57

Malware: Battle of the Crypto Miners

### Cryptocurrency mining Trojans are the new trend in the malware scene. No wonder the developers are constantly improving their malware.

<center>![sunset-3192063_640.jpg](https://steemitimages.com/DQmXiLJ2hymkMDHytqD9nKZvLKAu5vgWNCftRwnHhAwD49X/sunset-3192063_640.jpg)
[pic source](https://pixabay.com)</center> 

The bandages in the battle for resources are getting tougher: The [ICS Sans](https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/) has now discovered a crypto-miner that is looking for competitors in the first place and shuts them down in order to use the precious computing time for himself. In addition to the competing crypto-miners, the malware is able to recognize and terminate other processes that demand a lot of system performance, too.

The competitors switching off mining-trojan is targeting Windows users and disguised as an unsigned driver for HP printers in a 32- and 64-bit variant. It is currently unknown how the trojan is distributed and injected. Meanwhile, many virus scanners detect the Trojan and [sound the alarm](https://www.virustotal.com/#/file/3d8a6698ab0512ddf0c42826a570c2f82e3ec5e0f415538232353df937508042/detection).

<center>![virus-3075848_640.jpg](https://steemitimages.com/DQmPkZ7T6UyjHSjybquLRBXBn8iCP3Uc86JZ77juZTmjCJE/virus-3075848_640.jpg)
[pic source](https://pixabay.com)</center>

Those who fear an infection will find in ICS Sans' article a list of Windows processes that often appear in the context of active crypto-trojans in the Task Manager. If one of them turns up in it, you should end the process.

### Crypto-miner instead of ransomware

Since cryptocurrency rates such as Bitcoin explode, many malware authors have turned to crypto-miners. These have been making more headlines than blackmail Trojans for several months, which have brought unbelievable amounts of money to blackmailers in recent years.

The secret mining of crypto-currency does not just happen through Trojans on infected computers. Criminals also abuse web browsers or Google's DoubleClick advertising platform for these purposes.

At the end of last year, software manufacturers became aware of this and offer various protection concepts. In the web browser often helps an ad blocker, which can also block mining scripts.

I published [a post about crypto-jacking and the countermeasure](https://steemit.com/technology/@pundito/crytojacking-are-you-vulnerable) some weeks ago.

Have a nice weekend and keep on steeming!

[Story source](https://www.heise.de/security/meldung/Malware-Der-Kampf-der-Krypto-Miner-3996202.html)

<center><a href="https://smartsteem.com?r=pundito" target="_blank"><img src="https://steemitimages.com/0x0/https://steemitimages.com/DQmYRoKwatvUwCAfuZo4Gbvbr2qhtYLDZfbmBfNw76BnhiC/smartsteem_banner.gif" /></a></center>

<center>[<img src="https://steemitimages.com/DQmarWRv4wXiqPZbmtDCDRTwE5jewDQrG1ATrXcFrTThxht/Gifbanner.gif">](https://steemit.com/qurator/@qurator/qurator-2-0-update-post-guidelines-or-registration-details-or-tier-changes)</center>

👍 msp-curation, ausbitbank, ourdailyboard, resiliencia, qurator, adonisabril, passive, minnowsupport, scaredycatguide, nv21089, donc, mynaturebody, azadhaso, pi50000, mackcom, webresultat, doctorspence, captainklaus, tamala, anwarabdullah, chaka321, azzurra92, adept-forever, arnel, egotheist, sixexgames, theuxyeti, reyha, babysloth, midlet, ryacha21, punwik, dr-boo, folkert, perfectsense, sergey44, steemcoinflip, adayat523, jameszenartist, piszozo, kayros, barcenas, wanderingartist, dotevo, romz410, holabisi, jack-meadows, airshipidea, johnny-appleseed, whitewarlike, steemwart, julesdan, sakibarifin, greatestjourney, psionic-tremors, fishyculture, shadowspub, scrooger, oleg326756, recordpool, skycae, theleapingkoala, bigtom13, qwasert, and 8 others

`post_id`	38,900,029
`author`	pundito
`permlink`	malware-battle-of-the-crypto-miners
`category`	cryptocurrency
`json_metadata`	"{"app": "steemit/0.1", "format": "markdown", "links": ["https://pixabay.com", "https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/", "https://www.virustotal.com/#/file/3d8a6698ab0512ddf0c42826a570c2f82e3ec5e0f415538232353df937508042/detection", "https://steemit.com/technology/@pundito/crytojacking-are-you-vulnerable", "https://www.heise.de/security/meldung/Malware-Der-Kampf-der-Krypto-Miner-3996202.html", "https://smartsteem.com?r=pundito", "https://steemit.com/qurator/@qurator/qurator-2-0-update-post-guidelines-or-registration-details-or-tier-changes"], "image": ["https://steemitimages.com/DQmXiLJ2hymkMDHytqD9nKZvLKAu5vgWNCftRwnHhAwD49X/sunset-3192063_640.jpg"], "tags": ["cryptocurrency", "trojan", "virus", "windows", "hack"]}"
`created`	2018-03-16 08:47:48
`last_update`	2018-03-16 14:05:42
`depth`	0
`children`	3
`net_rshares`	1,574,291,503,428
`last_payout`	2018-03-23 08:47:48
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	4.240 SBD
`curator_payout_value`	1.327 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	3,043
`author_reputation`	28,473,735,368,834
`root_title`	"Malware: Battle of the Crypto Miners"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (72)

voter	rshares	pct
gregory-f	105,975,689	0.25%
ausbitbank	395,128,949,022	5%
sergey44	4,262,000,318	100%
scaredycatguide	23,020,683,878	15%
shadowspub	312,642,816	0.12%
azadhaso	16,070,899,441	100%
romz410	3,324,934,874	100%
steemwart	3,150,265,018	100%
oleg326756	204,263,226	0.25%
adayat523	4,047,327,616	100%
sixexgames	5,909,299,612	100%
anwarabdullah	6,679,013,800	100%
azzurra92	6,353,168,066	100%
dr-boo	4,528,457,209	100%
arnel	6,266,027,678	100%
scrooger	272,891,709	0.18%
qwasert	117,474,532	0.1%
chaka321	6,493,048,661	100%
mynaturebody	17,783,660,854	100%
minnowsupport	24,209,117,840	0.5%
dotevo	3,327,788,097	100%
mackcom	10,684,047,076	100%
barcenas	3,574,027,259	100%
resiliencia	81,255,228,681	27%
donc	17,829,658,380	100%
theleapingkoala	131,080,351	0.31%
samiwhyte	52,984,588	0.12%
webresultat	8,056,456,882	100%
kayros	3,671,448,560	100%
fishyculture	403,925,263	1%
superdavey	52,658,992	0.02%
greatestjourney	2,821,322,863	100%
qurator	65,335,507,249	1.25%
sakibarifin	3,040,833,068	100%
jack-meadows	3,223,263,215	100%
captainklaus	7,243,252,298	100%
holabisi	3,296,043,409	100%
airshipidea	3,219,518,321	100%
wanderingartist	3,337,329,832	100%
cheneats	74,397,901	10%
johnny-appleseed	3,175,687,974	100%
reyha	5,641,017,617	100%
skycae	140,521,808	0.06%
egotheist	6,057,785,806	100%
perfectsense	4,289,492,302	100%
jameszenartist	4,046,374,070	100%
piszozo	3,970,376,259	100%
julesdan	3,111,254,618	100%
msp-curation	461,966,541,789	90%
adonisabril	43,197,754,230	100%
theuxyeti	5,888,700,571	100%
ryacha21	4,953,163,279	100%
wisewoof	109,841,084	0.03%
nv21089	22,023,629,400	100%
energyaddict22	82,787,635	0.43%
bigtom13	128,901,513	0.25%
punwik	4,554,791,343	100%
babysloth	5,447,802,116	100%
whitewarlike	3,160,046,521	100%
passive	41,317,973,186	100%
tamala	6,685,719,594	100%
ourdailyboard	155,861,628,705	52%
doctorspence	7,433,336,978	100%
folkert	4,391,709,870	100%
psionic-tremors	648,823,745	100%
mwfiae	93,197,134	0.12%
midlet	5,247,744,710	100%
recordpool	140,911,730	5%
pi50000	11,130,447,045	100%
steemcoinflip	4,180,073,962	100%
adept-forever	6,287,464,922	100%
mbot	55,127,768	10%

@minnowsupport · Mar 17 '18

<p>Congratulations!  This post has been upvoted from the communal account, @minnowsupport, by pundito from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows.  Please find us at the <a href="https://discord.gg/HYj4yvw"> Peace, Abundance, and Liberty Network (PALnet) Discord Channel</a>.  It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.</p> <p>If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=102530.639667%20VESTS">50SP</a>, <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=205303.639667%20VESTS">100SP</a>, <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=514303.639667%20VESTS">250SP</a>, <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=1025303.639667%20VESTS">500SP</a>, <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=2053030.639667%20VESTS">1000SP</a>, <a href="https://v2.steemconnect.com/sign/delegateVestingShares?delegator=&amp;delegatee=minnowsupport&amp;vesting_shares=10253030.639667%20VESTS">5000SP</a>. <br><strong>Be sure to leave at least 50SP undelegated on your account.</strong></p>

properties (22)

`post_id`	39,142,606
`author`	minnowsupport
`permlink`	re-malware-battle-of-the-crypto-miners-20180317t215735
`category`	cryptocurrency
`json_metadata`	{}
`created`	2018-03-17 21:57:36
`last_update`	2018-03-17 21:57:36
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-24 21:57:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	1,703
`author_reputation`	104,981,098,086,561
`root_title`	"Malware: Battle of the Crypto Miners"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@liberviarum · Mar 19 '18

Nice article. Thank you for bringing this news. Malwares vs malwares. Lol. 

However since it's targeting Windows, any Linux / Mac systems are safe I assume?

👍 pundito

`post_id`	39,458,949
`author`	liberviarum
`permlink`	re-pundito-malware-battle-of-the-crypto-miners-20180319t173040358z
`category`	cryptocurrency
`json_metadata`	"{"app": "steemit/0.1", "tags": ["cryptocurrency"]}"
`created`	2018-03-19 17:30:42
`last_update`	2018-03-19 17:30:42
`depth`	1
`children`	1
`net_rshares`	2,912,077,273
`last_payout`	2018-03-26 17:30:42
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	157
`author_reputation`	724,435,960,074
`root_title`	"Malware: Battle of the Crypto Miners"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
pundito	0 B		2,912,077,273	100%

@pundito · Mar 19 '18

Hi @liberviarum,
they are indeed targeting Windows. I could not find any news about this regarding Linux / Mac systems. So I assume they are still save.
Happy steeming!

properties (22)

`post_id`	39,472,736
`author`	pundito
`permlink`	re-liberviarum-re-pundito-malware-battle-of-the-crypto-miners-20180319t191418131z
`category`	cryptocurrency
`json_metadata`	"{"app": "steemit/0.1", "users": ["liberviarum"], "tags": ["cryptocurrency"]}"
`created`	2018-03-19 19:14:15
`last_update`	2018-03-19 19:14:15
`depth`	2
`children`	0
`net_rshares`	0
`last_payout`	2018-03-26 19:14:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	168
`author_reputation`	28,473,735,368,834
`root_title`	"Malware: Battle of the Crypto Miners"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000