Malicious Cryptocurrency Mining Malware Masks Itself as Windows Installation Files

Cryptocurrency mining does not enjoy the best of reputations, primarily because of the growing number of nefarious efforts built on this business model. A recent development shows that malware capable of mining cryptocurrency is now targeting Windows users.


The Cryptocurrency Mining Malware Trend Continues

Over the past few months, various alerts pertaining to crypto mining have surfaced. All of these incidents revolve around criminals hijacking computers to mine Monero or other currencies. In a new spin on this attack, Windows users are being deliberately targeted. Cryptojacking, already a very worrisome trend, is only growing into a bigger industry at this stage.

Trend Micro researchers have come across a new development. Their study of malicious cryptocurrency mining highlights an emerging trend: by actively distributing Windows installation packages, criminals try to mask their nefarious intentions. Unlike other distribution methods, Windows Installer (MSI) files are perfectly legitimate. As such, they do not necessarily arouse suspicion immediately.

There is a lot more to this new malware distribution campaign. Numerous decoy files are added to the software “directory”. Anti-malware tools installed on a computer will be tricked into overlooking these files altogether. This is another example of how crafty criminals have become in recent years.

Addressing the Epidemic Remains a Problem

Another peculiar aspect of this new malware deserves to be highlighted. This new tool, dubbed CoinMiner, does not just engage in malicious cryptocurrency mining. It also has a self-destruct feature to mask its activity. If the malware is detected by any software solution, it will simply delete its own installation directory completely.

This particular approach by criminals makes cryptojacking difficult to thwart. If mining malware can come and go without leaving a trace, there is very little recourse. While malicious cryptocurrency mining scripts are easy to spot, these Windows Installer files are very different. It is another example of how the cryptojacking trend continues to evolve.

Earlier this year, this cryptocurrency mining trend took different shapes. The scripts became less apparent. Instead, malicious Flash updates and vulnerable routers became the new targets to exploit. By going after Windows users, this cryptojacking threat becomes a lot more troublesome to nip in the bud. Windows is the world’s most popular computer operating system, after all.

How can Windows users protect themselves from this variant of cryptomining malware? Let us know in the comments below.

