Discovery of a cryptominer capable of crashing Windows

Author: Alejandra Rangel (@alejandrarangel)

Researchers from the Chinese company Qihoo 360, publisher of the 360 Total Security antivirus, have discovered a particularly harmful next-generation cryptominer. Dubbed WinstarNssmMiner, this malware automatically crashes the Windows system when the user or an antivirus tries to block it. More than 500 Internet users are already infected worldwide.




© 360 Total Security

While recent cryptominers are generally discreet in order to mine cryptocurrencies on the backs of users for as long as possible, "WinstarNssmMiner" on the contrary brings systems to their knees. Particularly twisted, the program exploits the Service Host process (svchost.exe) of different versions of Windows to force the system to load a malicious .dll file. Users who do not have an antivirus worthy of the name then experience huge slowdowns followed by a series of blue screens. 360 Total Security researchers say they intercepted more than 500 attacks in three days. This is the first time they have faced such a tough cryptominer.



Catch Me If You Can!

After injecting the malicious code into svchost.exe, the malware creates two processes: the first exploits the computing power of the system to mine cryptocurrency, while the second monitors the system for possible antivirus software. The malware presents itself as a critical system process, so that the system crashes when the user or protection software tries to stop it. According to the researchers, the program performs a system scan to detect the presence of an antivirus solution before starting its mining activities. In the majority of cases, it favors unprotected machines to avoid any confrontation with antivirus software. The publisher therefore recommends that users install an antivirus solution and perform a full system scan to protect themselves from cryptominers.
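Because the miner hides behind svchost.exe, one defensive check is to compare every svchost.exe process-creation event against the commonly documented baseline for the legitimate Service Host (image in System32, parent services.exe, a `-k` service group on the command line). The following is an added example, not code from the article or from the 360 Total Security researchers; the event field names and the sample events are constructed for illustration.

```python
import ntpath

# Commonly documented baseline for a legitimate Service Host instance.
EXPECTED_IMAGE = r"c:\windows\system32\svchost.exe"
EXPECTED_PARENTS = {"services.exe"}

def svchost_anomalies(event):
    """Return the list of baseline deviations for one process-creation event."""
    image = event["image"].lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # only Service Host instances are evaluated
    reasons = []
    if image != EXPECTED_IMAGE:
        reasons.append("image outside System32")
    parent = ntpath.basename(event["parent_image"].lower())
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent {parent}")
    # Legitimate instances are started with a service group: svchost.exe -k <group>
    args = event["command_line"].lower().split()
    if "-k" not in args:
        reasons.append("no -k service group on command line")
    return reasons

def hunt(events):
    """Map pid -> reasons for every svchost.exe event that deviates."""
    scored = ((ev["pid"], svchost_anomalies(ev)) for ev in events)
    return {pid: reasons for pid, reasons in scored if reasons}

# Constructed sample events (assumed field names; not taken from the report).
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"pid": 4312, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Users\Public\setup.exe",
     "command_line": r"C:\Windows\System32\svchost.exe"},
    {"pid": 5120, "image": r"C:\Users\Public\svchost.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Users\Public\svchost.exe -k netsvcs"},
    {"pid": 600, "image": r"C:\Windows\System32\lsass.exe",
     "parent_image": r"C:\Windows\System32\wininit.exe",
     "command_line": r"C:\Windows\system32\lsass.exe"},
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

A hit is a triage lead rather than a verdict, and since the article notes that stopping the malicious process can crash the system, a flagged process is better investigated than terminated on sight.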


