21 June 19, 10:51
Quote: ESET has warned of cross-platform software which is used to mine cryptocurrency.
Named LoudMiner, the malware uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine. LoudMiner is distributed in pirated copies of audio software called VST (Virtual Studio Technology) and once an endpoint is infected, LoudMiner uses the compromised machines to mine cryptocurrency and uses SCP (Secure File Copy) with an embedded username and private SSH key to self-update.
ESET researchers said that the miner itself is based on XMRig (Monero) and uses a mining pool, and therefore it is impossible to retrace potential transactions.
“At the time of writing, there are 137 VST-related applications (42 for Windows and 95 for macOS) available on a single WordPress-based website with a domain registered on 24th August, 2018,” researchers said.
“The first application – Kontakt Native Instruments 5.7 for Windows – was uploaded on the same day. The size of the apps makes it impractical to analyze them all, but it seems safe to assume they are all Trojanized.”
SOURCE: https://www.infosecurity-magazine.com/ne...yptominer/