Hackers keep finding new ways to steal cryptocurrency. They have now found a way to disguise malware that lets them mine cryptocurrency as legitimate Windows installation files. The malware, known as Coinminer, is specifically designed to fly under the radar.
That's what security researchers from Trend Micro report. They write that Coinminer uses a number of methods to stay invisible. The researchers have since mapped out the malware in detail and documented exactly how it works.
Disguised as an installer
According to Trend Micro researchers, the malware arrives on a Windows device disguised as an MSI installation file. That is striking, because Windows Installer is a legitimate application that installs software, the researchers write. By using a real Windows component, the malware seems less suspicious and can potentially bypass certain security filters.
Once the malware is installed, the malware directory contains a number of files that serve as a distraction. The installer also contains a script that blocks all antimalware processes on the computer. In addition, there is a script in the directory that actually starts mining cryptocurrency.
Finally, to make detection and analysis even more difficult, the malware has a built-in self-destruct mechanism. It deletes every file in the installation folder and also removes any trace of the installation from the system.
Cryptominers very popular
Cryptominers have been gaining in popularity in recent years. Researchers warn that 2018 is probably the year of the cryptominer. Hackers are looking for all kinds of ways to install miners on devices. Miners arrive with Adobe Flash updates, via routers and through thousands of commercial and non-commercial websites.
Recently it became clear that a Canadian university had an infected network, which had to be taken completely offline to prevent the hackers from continuing to mine cryptocurrency. It is not very strange that hackers keep trying to install miners; reportedly, $250,000 in cryptocurrency comes in this way every month.