In recent years we have seen many types of threats related to cryptocurrencies appear. We are living through a significant boom, and many hackers have seen it as a good opportunity. Cryptocurrency miners appeared, for example, as did Trojans able to steal wallet addresses. Today we report on a new method for planting a Monero miner on Windows.
New method to mine Monero on Windows
If we talk about one of the cryptocurrencies most commonly mined, that is Monero. It is undoubtedly one of the most important for hackers because it is simple to mine and does not require an excessively powerful device. As a result, there are many threats related to this digital currency.
We are used to seeing a “fight” between security tools and hackers. It is true that our antivirus and any software we use to protect our systems have improved significantly in recent times. They are better able to detect and eliminate threats. However, it should also be mentioned that cybercriminals have improved their attacks to make them more sophisticated.
Something like this is what happens with the new method they have used to introduce a Monero miner into Windows. As we know, it is the most used operating system on desktop computers, which means many users may be affected.
This new technique is process hollowing. Basically, the attackers introduce the Monero miner into the system while emptying out a process so that the miner is not detected. In this way, the malware hides the mining process by replacing it with a secondary one. They use a second file that acts as a container. That file is not malicious, so it is not detected by antivirus. However, the main one, the one that mines Monero, acts freely.
Trend Micro security researchers have discovered a considerable increase in this malicious activity since last November. They indicate that the file capable of hiding the process is a 64-bit binary full of malicious code, capable of checking certain arguments and subsequently verifying them.

The infection phase goes through two stages
We can say that the malware infection goes through two stages. In the first, the malware performs an arithmetic operation on alphanumeric strings; according to the researchers who examined it, the alphanumeric string includes information such as the address of the cryptocurrency wallet, which is the argument required to trigger malicious activity.
Subsequently, in the second stage, it executes the Wakecobs EXE file. At this point it replaces the process memory with the malicious code that allows the miner to run in the background. From there it begins to use system resources to mine cryptocurrencies.
It must be taken into account that this type of threat can put the proper functioning of our equipment at risk. It could even cause serious problems such as overheating or excessive wear of the hardware.