New Cryptojacker Shuts Down Computer When Confronted by Antivirus

Thursday, 17/05/2018 | 12:16 GMT by Simon Golstein
  • WinstarNssmMiner has already gotten away with thousands of dollars.
New Cryptojacker Shuts Down Computer When Confronted by Antivirus
FM

Computer users are advised to be aware of a Cryptojacking virus which has a novel way of protecting itself.

The virus is called WinstarNssmMiner. Based on a standard XMR mining rig, it differs from a standard cryptocurrency mining virus because when it is targeted by antivirus software it reacts by crashing the host computer to avoid confrontation.

According to Chepicap, WinstarNssmMiner is difficult to remove because the first thing it does upon entering the system is to locate protective software. When the computer crashes, the virus continues to mine behind a blue screen.

Cryptojacking is when a malicious virus or website mines cryptocurrency on your computer without your knowledge and keeps all the money. This causes the computer to become very slow, so people who are aware of the issue will invariably run an antivirus programme if this happens to them. WinstarNssmMiner nullifies this ability - criminality aside, I can only imagine how irritating this must be for the victim.

The cryptocurrency being mined is Monero, or XMR. It is a privacy focused coin, obfuscating the addresses of parties to transactions to make them more difficult to trace. It is also designed to be mined with relatively cheap equipment.

For these reasons it is one of the most successful Cryptocurrencies out there - coins are worth $202 each and the coin has a market capitalisation of $3.2 billion according to coinmarketcap.com. However it is also popular amongst the forces of darkness.

For example, in December 2017, a Monero mining bot called Digimine infected Facebook Messenger, affecting users in at least seven different countries. And in March of this year $75,000 was stolen (in total) from people in Japan, Taiwan, China, India, and the US by a malicious code called dada.x86_64 that mined XMR and sent it to two Monero wallets - which couldn't be traced.

For these reasons, pressure has come down on exchanges that list this coin and its ilk (Dash and Zcash). The Japanese financial regulator for example is of the opinion that Monero is too useful for criminals and should be de-listed from exchanges. According to a recent report, this opinion is not too far off the mark.

According to the analysis, WinstarNssmMiner has already mined 133 XMP, or $26,800.

Computer users are advised to be aware of a Cryptojacking virus which has a novel way of protecting itself.

The virus is called WinstarNssmMiner. Based on a standard XMR mining rig, it differs from a standard cryptocurrency mining virus because when it is targeted by antivirus software it reacts by crashing the host computer to avoid confrontation.

According to Chepicap, WinstarNssmMiner is difficult to remove because the first thing it does upon entering the system is to locate protective software. When the computer crashes, the virus continues to mine behind a blue screen.

Cryptojacking is when a malicious virus or website mines cryptocurrency on your computer without your knowledge and keeps all the money. This causes the computer to become very slow, so people who are aware of the issue will invariably run an antivirus programme if this happens to them. WinstarNssmMiner nullifies this ability - criminality aside, I can only imagine how irritating this must be for the victim.

The cryptocurrency being mined is Monero, or XMR. It is a privacy focused coin, obfuscating the addresses of parties to transactions to make them more difficult to trace. It is also designed to be mined with relatively cheap equipment.

For these reasons it is one of the most successful Cryptocurrencies out there - coins are worth $202 each and the coin has a market capitalisation of $3.2 billion according to coinmarketcap.com. However it is also popular amongst the forces of darkness.

For example, in December 2017, a Monero mining bot called Digimine infected Facebook Messenger, affecting users in at least seven different countries. And in March of this year $75,000 was stolen (in total) from people in Japan, Taiwan, China, India, and the US by a malicious code called dada.x86_64 that mined XMR and sent it to two Monero wallets - which couldn't be traced.

For these reasons, pressure has come down on exchanges that list this coin and its ilk (Dash and Zcash). The Japanese financial regulator for example is of the opinion that Monero is too useful for criminals and should be de-listed from exchanges. According to a recent report, this opinion is not too far off the mark.

According to the analysis, WinstarNssmMiner has already mined 133 XMP, or $26,800.

About the Author: Simon Golstein
Simon Golstein
  • 780 Articles
  • 16 Followers
About the Author: Simon Golstein
  • 780 Articles
  • 16 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}