Under the name "LoudMiner", ESET security researchers have described a cryptocurrency miner that can infect both Windows and macOS systems and that stands out for its clever camouflage strategy and a deliberate choice of targets.
LoudMiner uses the XMRig mining tool, which is freely available on GitHub, to mine the Monero cryptocurrency. In the past, criminals have smuggled XMRig onto several million Windows computers to exploit their computing power. Unlike the malware of earlier campaigns, however, LoudMiner is not based on a downloader component that first identifies the operating system and its version. Instead, it brings its own mining environment with it, in the form of a Tiny Core Linux virtual machine (VM).
Music software is a good hiding place
Thanks to the VM strategy, which the ESET analysts describe in their blog post on LoudMiner as "remarkable" and uncommon, the mining process itself runs independently of the platform. The installation files that contain the required code are cracked versions of professional music software for Windows or macOS that use the VST (Virtual Studio Technology) protocol. After completing the setup, LoudMiner installs the virtualization software that runs the VM (QEMU on macOS, VirtualBox on Windows); the respective music software follows afterwards.
Offering software that is often very expensive as free bait on a specially created website is meant to lure potential victims into a careless download. As further reasons behind the choice of this disguise, ESET cites on the one hand the already considerable size of the installation files, which keeps the added virtualization software from standing out. On the other hand, VST-based software usually runs on very powerful hardware and makes heavy use of it, so that even elevated CPU consumption is not conspicuous, or at least not surprising.
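A defender's check for the behaviour just described: a VM that mines will show up as a hypervisor process (QEMU or VirtualBox) that runs headless, consumes CPU continuously and was not launched by a person or a VM front end. The following is an added example, not ESET's code or part of the article; the process names, parent names and the constructed process snapshot are assumptions chosen to illustrate the heuristic.

```python
"""Flag hypervisor processes that behave like a hidden mining VM.

Heuristic: the process is QEMU or VirtualBox, runs without a display,
keeps the CPU busy, and was started by something other than a user-facing
VM manager or shell. All three must hold; each alone is common and benign.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Hypervisors named in the article: QEMU on macOS, VirtualBox on Windows.
VM_BINARIES = {"qemu-system-x86_64", "VBoxHeadless", "VBoxHeadless.exe"}
# Parents that indicate an interactive launch (assumption for this example).
INTERACTIVE_PARENTS = {"VirtualBox", "VirtualBox.exe", "VirtualBoxVM", "Terminal", "bash", "zsh"}
HEADLESS_FLAGS = ("-nographic", "-display none", "--type headless")
CPU_THRESHOLD = 70.0  # sustained CPU percent; tuning value chosen for this example


@dataclass
class Proc:
    pid: int
    name: str
    parent: str
    cpu_percent: float
    cmdline: str


def suspicion_reasons(p: Proc) -> List[str]:
    """Return why a process looks like a hidden mining VM (empty list = benign)."""
    if p.name not in VM_BINARIES:
        return []
    reasons = []
    if p.cpu_percent >= CPU_THRESHOLD:
        reasons.append("sustained high CPU")
    if p.name.startswith("VBoxHeadless") or any(f in p.cmdline for f in HEADLESS_FLAGS):
        reasons.append("runs without a display")
    if p.parent not in INTERACTIVE_PARENTS:
        reasons.append(f"launched by {p.parent}, not a VM front end or shell")
    return reasons if len(reasons) == 3 else []


def find_hidden_miners(procs: Iterable[Proc]) -> List[int]:
    """PIDs of processes matching all three indicators."""
    return [p.pid for p in procs if suspicion_reasons(p)]


# Constructed process snapshot for demonstration (not real telemetry).
SAMPLE = [
    Proc(101, "qemu-system-x86_64", "launchd", 92.0,
         "qemu-system-x86_64 -nographic -hda /Users/demo/Library/.hidden/tc.qcow2"),
    Proc(202, "VBoxHeadless.exe", "VirtualBox.exe", 85.0, "VBoxHeadless --startvm dev-box"),
    Proc(303, "VBoxHeadless.exe", "taskeng.exe", 88.0, "VBoxHeadless --startvm tc --type headless"),
    Proc(404, "qemu-system-x86_64", "Terminal", 4.0, "qemu-system-x86_64 -nographic -hda test.img"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.pid, p.name, "->", suspicion_reasons(p) or "ok")
```

On a live host the snapshot would come from the process table (for example a `ps` listing sampled several times), since a single CPU reading says nothing about whether the load is sustained.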
Website with malware still online
The website (vstcrack.xxx) on which ESET discovered the malicious code is still online at the moment. In total, ESET counted 42 Windows and 95 macOS installation files for well-known software such as Kontakt and Reaktor from Native Instruments, Ableton Live, Reason by Propellerhead and Sylenth1 by LennarDigital. Some downloads have been commented on more than 100 times; how often the programs were actually downloaded cannot be derived from that.
At the end of its blog post, the ESET team lists file names and SHA-1 hashes of some of the analyzed files in which LoudMiner was found. But since ESET has analyzed only a few files, it is not clear how many of the remaining ones hide the malicious code in total, or whether some of them hold other unpleasant surprises. Those affected should uninstall the downloaded software immediately and thoroughly examine their systems.