A new strain of cryptomining malware is spreading fast, infecting nearly 500,000 computers in just three days. Researchers have named it ‘WinstarNssmMiner,’ and it is built on XMRig, a legitimate open-source Monero mining utility.
‘WinstarNssmMiner’ crashes the computer the moment an antivirus product attempts to remove it. It turns off antivirus protection on the victim’s computer, but backs off if a powerful antivirus product is present. Users who do not have good antivirus software installed on their PCs will therefore experience slowdowns and blue screens.
Once on the victim’s computer, ‘WinstarNssmMiner’ launches svchost.exe, the Windows process normally used to host system services, and injects malicious code into the resulting processes (injection targets the running process, not the svchost.exe file on disk). One injected process begins mining Monero cryptocurrency, while the other runs in the background to evade detection by antivirus software.
Next, ‘WinstarNssmMiner’ sets the spawned process’ attribute to CriticalProcess. Windows treats the termination of a critical process as a fatal error, so even if a computer-savvy user tries to terminate it, the system will crash.
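Both behaviours described above, an svchost.exe that was not started the normal way and a process carrying the critical-process flag, can be checked for from the defender’s side. The PowerShell script below is an added example and is not code from the article or from the malware: it reads the `ProcessBreakOnTermination` flag (PROCESSINFOCLASS 29, the attribute the article calls CriticalProcess) through `NtQueryInformationProcess`, and uses `Win32_Process` to find svchost.exe instances whose parent is not services.exe, whose image is outside System32, or whose command line lacks the usual `-k <group>` argument. The function and variable names are my own, the script only reads process state and never terminates anything, and the note that a few core Windows processes (smss.exe, csrss.exe, wininit.exe) are legitimately critical is an assumption you should confirm against a clean baseline of your own build.

```powershell
# Added example, not from the article or the malware: read-only hunt for
# (1) anomalous svchost.exe instances and (2) processes marked critical.
# Run from an elevated PowerShell prompt on Windows 10 / PowerShell 5.1 or later.

$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, uint processId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("ntdll.dll")]
public static extern int NtQueryInformationProcess(IntPtr processHandle, int infoClass,
    ref int info, int infoLength, ref int returnLength);
'@
# Guard so the script can be re-run in the same session without a duplicate-type error.
if (-not ('Hunt.NativeMethods' -as [type])) {
    Add-Type -MemberDefinition $signature -Name NativeMethods -Namespace Hunt
}

$PROCESS_QUERY_INFORMATION = 0x0400
$ProcessBreakOnTermination = 29   # PROCESSINFOCLASS value 0x1D (the "critical process" flag)

# Returns $true/$false, or $null when the process could not be opened or queried
# (protected processes and some system processes will refuse the handle).
function Test-CriticalProcess {
    param([uint32]$ProcessId)
    $h = [Hunt.NativeMethods]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { return $null }
    try {
        $flag = 0; $len = 0
        $status = [Hunt.NativeMethods]::NtQueryInformationProcess($h, $ProcessBreakOnTermination,
                      [ref]$flag, 4, [ref]$len)
        if ($status -ne 0) { return $null }   # NTSTATUS other than STATUS_SUCCESS
        return ($flag -ne 0)
    } finally {
        [void][Hunt.NativeMethods]::CloseHandle($h)
    }
}

$procs    = Get-CimInstance Win32_Process
$byPid    = @{}
foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }
$system32 = Join-Path $env:SystemRoot 'System32'

$findings = foreach ($p in $procs) {
    $parent   = $byPid[$p.ParentProcessId]      # $null if the parent already exited
    $critical = Test-CriticalProcess -ProcessId $p.ProcessId
    $reasons  = @()

    if ($p.Name -ieq 'svchost.exe') {
        # Legitimate svchost.exe is spawned by services.exe, from System32, with "-k <group>".
        if (-not $parent -or $parent.Name -ine 'services.exe') {
            $reasons += 'svchost not started by services.exe'
        }
        if ($p.ExecutablePath -and -not $p.ExecutablePath.StartsWith($system32, 'OrdinalIgnoreCase')) {
            $reasons += 'svchost image outside System32'
        }
        if ($p.CommandLine -and $p.CommandLine -notmatch '\s-k\s') {
            $reasons += 'svchost launched without -k service group'
        }
    }
    if ($critical -eq $true) {
        # Assumed baseline: only a handful of core Windows processes (smss, csrss, wininit)
        # should carry this flag; a miner or an injected svchost should not.
        $reasons += 'ProcessBreakOnTermination (critical process) flag set'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            PID      = $p.ProcessId
            Name     = $p.Name
            Parent   = if ($parent) { $parent.Name } else { '<exited>' }
            Path     = $p.ExecutablePath
            Critical = $critical
            Reasons  = ($reasons -join '; ')
        }
    }
}

$findings | Sort-Object Critical -Descending | Format-Table -AutoSize
```

The output is a review list, not a verdict: a flagged svchost.exe with the critical flag set is the combination the article describes and deserves a memory capture before any cleanup, since terminating it will bug-check the host. Do the termination from a clean boot or from the security product rather than with Stop-Process.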
Once ‘WinstarNssmMiner’ enters a computer, it carefully scans the compromised PC for antivirus products. If the victim’s computer has decent antivirus software from a reputable company such as Comodo, ‘WinstarNssmMiner’ quits automatically.
However, if the victim’s computer has weaker antivirus software, the malware begins crashing and blue-screening the machine while it mines Monero cryptocurrency on the hacker’s behalf using the victim computer’s CPU power.
It is unclear how the ‘WinstarNssmMiner’ infection spreads, but once it executes on a targeted computer it begins injecting malicious code into svchost.exe.
In recent times there has been a sharp rise in the number of cyber attacks aimed at mining cryptocurrency. With the financial frenzy around cryptocurrencies such as Bitcoin, hackers have turned to cryptominers to make money.
It is advisable to install good antivirus software such as Comodo Antivirus to protect your PC from such attacks. Apart from Comodo Antivirus, no other antivirus or virus-removal software can completely protect your computer from the ever-evolving array of cyber attacks by savvy hackers. Even an advanced web or email content-filtering tool with up-to-date virus signatures is no match for the ever-evolving, sophisticated malware variants.
With the “Default Allow” security posture used by almost all other antivirus software, unknown malicious files are allowed to access sensitive information on the user’s computer. Comodo uses a “Default Deny” security posture that quickly places unknown files in containment.
Comodo Antivirus can help protect your PC against viruses and other types of malware that are deployed through a zero-day vulnerability. Zero-day vulnerabilities are hard to fix in time because the security flaw was previously unknown to the developers; how soon a security patch is released depends on how quickly the developers can produce one once the flaw shows up.
Comodo Antivirus leverages containment technology to detect and contain malware, including zero-day malware such as ‘WinstarNssmMiner.’ Install Comodo Antivirus today!