The computer security company Check Point Research has discovered that the KingMiner cryptojacker that targets the cryptocurrency Monero (XMR) is "evolving", according to the blog post published on November 30th.
KingMiner was allegedly discovered for the first time in mid-June, and then evolved into two improved versions. The malware attacks Windows servers by implementing various evasion methods to ignore detection. For control point data, several detection engines recorded significantly lower detection rates, while sensor logs showed an increasing number of KingMiner attacks.
The company has monitored the activity of KingMiner over the past six months and has concluded that malware has evolved into two new versions. The blog post further explains:
"The malware continually adds new features and exclusion methods to avoid emulation, mainly manipulating the necessary files and creating a dependency that is critical during emulation, and as part of the continuous evolution of the malware, we have found many placeholders for future operations or upcoming updates that will make this malware even more difficult to detect. "
Check Point has determined that KingMiner uses a private mining pool to avoid any detection of its activities, in which the pool's (pool) API is disabled and the wallet is not used in any public mining pool. The attacks are widespread throughout the world.
According to the company's results, malicious software tries to guess the passwords of attacking servers. Once a user downloads and runs the Windows Scriptlet file, he or she identifies the CPU (Central Processing Unit) architecture of the device and downloads a ZIP file of the payload based on the detected CPU architecture.
The malware eventually destroys the related .exe file process and deletes the files themselves if there are earlier versions of the attack files. Check Point also notes that the file is not a real ZIP file, but rather an XML file, which will bypass emulation attempts.
As Cointelegraph reported yesterday, Russian Internet security company Kaspersky Labs found that encryption malware became increasingly popular among botnets in 2018. During the "boom" of Q1 2018, the amount of encrypted malware downloaded from botnets, out of a total of files, it reached 4.6 percentage – compared to 2.9% in the second quarter of 2017.
It is therefore said that botnets are increasingly seen as a means of spreading crypto-mining malware, with cybercriminals increasingly seeing cryptography as more favorable than other attack vectors.
[ad_2]Source link