ESET, a pioneer when it comes to cybersecurity, has detected an atypical malware that can infect MacOS and Windows.
This malicious software appeared in August 2018. A message regarding it was disclosed in ESET's research report published on June 20, 2019.
LoudMiner - a new malware that uses computing power and processor power to (...) extract cryptocurrencies.
According to ESET, a new malware named LoudMiner
, a virtualization software, on Windows and QEMU on MacOS in order to extract cryptocurrencies by using Tiny Core Linux
, a virtual miner. Thanks to this, it can infect many operating systems. Most probably the excavator itself uses XMRig
, an open source software used to extract Monero
altcoin (XMR). Thus, it prevents tracking of the transaction.
Research has shown that in both MacOS and Windows, malware works together with pirated applications
. They are combined with virtualization software and additional files. After downloading, LoudMiner is installed before the desired software, but it "hides" and installs permanently only after restarting the computer.
ESET noted that this malware mainly aims applications related to audio production. They usually work on computers with high computing power so that the high CPU usage caused by extraction may not be suspicions in any way. Moreover, the attackers allegedly take advantage of the fact that such applications are usually very complex and large enough to easily hide images of virtual excavators. Moreover, according to researchers, the decision to use virtual excavators instead of an easier solution is quite unusual and extraordinary, it is not something that we see every day.
How to detect this malware?
Researchers are warning users that the best way to protect themselves from such malicious programs is to not download pirated versions of programs and applications.
Nevertheless, along with high CPU usage, there are several factors that can help to unveil this malware. There are, among others, pop-ups
from unexpected "additional" installer and a new application added to the list of startup services
. Network connections with unusual domain names
, due to the scripts in the virtual excavator, are another sign of malware.