Researchers from the Chinese company Qihoo 360, publisher of the 360 Total Security antivirus, have discovered a particularly harmful next-generation cryptominer. Dubbed WinstarNssmMiner, this malware automatically crashes the Windows system when the user or an antivirus tries to block it. More than 500 Internet users are already infected worldwide.
While recent cryptominers generally stay discreet so that they can mine cryptocurrency at users' expense for as long as possible, WinstarNssmMiner does the opposite and brings systems to their knees. Particularly devious, the program exploits the Service Host process (svchost.exe) on different versions of Windows to force the system to load a malicious .dll file. Users who do not have a capable antivirus then experience huge slowdowns followed by a series of blue screens. 360 Total Security researchers say they intercepted more than 500 attacks in three days. This is the first time they have faced such a tough cryptominer.
Catch Me If You Can!
After injecting the malicious code into svchost.exe, the malware creates two processes: the first uses the system's computing power to mine cryptocurrency, while the second monitors the system for antivirus software. The malware presents itself as a critical system process so that the system crashes when the user or protection software tries to stop it. According to the researchers, the program scans the system for an antivirus solution before starting its mining activities. In the majority of cases, it favors unprotected machines to avoid any confrontation with antivirus software. The vendor therefore recommends that users install an antivirus solution and perform a full system scan to protect themselves from cryptominers.
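Because the malware described above runs its code inside svchost.exe processes, a defender can compare every svchost.exe launch against the normal Windows baseline. The following is an added example, not code from the article or from 360 Total Security; the field names, the sample records and the C:\Windows system root are assumptions, and the three checks are general svchost.exe hunting heuristics rather than indicators published for WinstarNssmMiner.

```python
import json
from ntpath import basename, normcase  # Windows path rules, works on any OS

# Constructed process-creation records (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = r'''
{"pid": 812, "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "C:\\Windows\\System32\\svchost.exe -k netsvcs", "parent_image": "C:\\Windows\\System32\\services.exe"}
{"pid": 4312, "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "C:\\Windows\\System32\\svchost.exe", "parent_image": "C:\\Users\\Public\\sample.exe"}
{"pid": 4388, "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "C:\\Windows\\System32\\svchost.exe", "parent_image": "C:\\Users\\Public\\sample.exe"}
{"pid": 5020, "image": "C:\\Users\\Public\\svchost.exe", "cmdline": "svchost.exe -k netsvcs", "parent_image": "C:\\Windows\\explorer.exe"}
{"pid": 6001, "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe", "parent_image": "C:\\Windows\\explorer.exe"}
'''

# Baseline for a legitimate Service Host instance (assumes SystemRoot is C:\Windows).
EXPECTED_IMAGES = {normcase(r"C:\Windows\System32\svchost.exe"),
                   normcase(r"C:\Windows\SysWOW64\svchost.exe")}
EXPECTED_PARENT = normcase(r"C:\Windows\System32\services.exe")


def svchost_anomalies(event):
    """Return the reasons an svchost.exe launch departs from the baseline."""
    image = normcase(event["image"])
    if basename(image) != "svchost.exe":
        return []  # not a Service Host process, out of scope here
    reasons = []
    if image not in EXPECTED_IMAGES:
        reasons.append("unexpected image path")
    if normcase(event["parent_image"]) != EXPECTED_PARENT:
        reasons.append("parent is not services.exe")
    if "-k" not in event["cmdline"].lower().split():
        reasons.append("no -k service group argument")
    return reasons


def scan(jsonl_text):
    """Map PID -> list of reasons for every suspicious svchost.exe launch."""
    findings = {}
    for line in jsonl_text.strip().splitlines():
        event = json.loads(line)
        reasons = svchost_anomalies(event)
        if reasons:
            findings[event["pid"]] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

A hit is a lead for triage, not proof of infection; pairing it with sustained high CPU use on the flagged PID narrows it toward mining activity.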