The 360 Total Security team has discovered a new cryptocurrency mining malware that forces PCs to crash when someone attempts to remove it. The China-based antivirus software developer had already intercepted 500,000 attacks launched by the malware, dubbed WinstarNssmMiner, in just three days, according to Kevin Parrish, writing for Digital Trends.

The WinstarNssmMiner malware hijacks infected PCs and attaches itself to the critical system services in Windows to prevent itself from being deleted. It will then use the affected PC's processing power to mine the digital coins. The 360 Total Security team claimed the hacker responsible for spreading the malware had already made huge profits mining the Monero digital coin. 

It is not clear how the malware ended up on compromised PCs in the first place, but it could be the result of opening email attachments or through social media. Once inside a PC, the WinstarNssmMiner malware will look for antivirus software and will deactivate any product not made by high-tier providers such as Kaspersky and Avast. If well-known antivirus software is present, the malware avoids detection by doing nothing while the antivirus software scans the malware's file.

Once it evades detection, the malware will create two system processes called svchost.exe. One svchost process will start mining digital currency while the other monitors the installed antivirus software. If the latter is enabled, the malware will stop all activities to elude detection again. 

The malware is so virulent not only because it is virtually undetectable but also because it steals a significant amount of computing power, which can slow the performance of PCs to a crawl. Users who turn to the Task Manager to manually close the offending Service Host will get the infamous Blue Screen of Death, which means the PC has crashed.

The malware relies on XMRig to mine the Monero coins. XMRig places a heavy load on CPUs and was originally designed to run on dedicated PCs, not on laptops and desktops geared for daily use.
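For defenders, the two svchost.exe processes and the heavy CPU load described above suggest a simple triage over a process snapshot. The following is an added example, not code from 360 Total Security or the article. It assumes the general Windows baseline that a legitimate svchost.exe runs from System32, is started by services.exe and carries a `-k` argument; the article does not say how the malware launches its processes, and the snapshot records, `setup.exe` name and CPU threshold are constructed.

```python
from ntpath import basename, dirname

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
CPU_THRESHOLD = 50.0  # percent, averaged over the sampling window (assumed tuning value)

def svchost_findings(proc, by_pid):
    """Return the reasons a svchost.exe record deviates from the baseline."""
    reasons = []
    if dirname(proc["path"]).lower() not in SYSTEM_DIRS:
        reasons.append("image outside System32")
    parent = by_pid.get(proc["ppid"])
    parent_name = basename(parent["path"]).lower() if parent else "<exited>"
    if parent_name != "services.exe":
        reasons.append(f"parent is {parent_name}, not services.exe")
    if "-k" not in proc["cmdline"].lower().split():
        reasons.append("no -k service group argument")
    # High CPU alone is weak evidence; report it only next to a deviation.
    if reasons and proc["cpu_avg"] >= CPU_THRESHOLD:
        reasons.append(f"sustained CPU {proc['cpu_avg']:.0f}%")
    return reasons

def triage(snapshot):
    """Map pid -> reasons for every suspicious svchost.exe in the snapshot."""
    by_pid = {p["pid"]: p for p in snapshot}
    flagged = {}
    for proc in snapshot:
        if basename(proc["path"]).lower() != "svchost.exe":
            continue
        reasons = svchost_findings(proc, by_pid)
        if reasons:
            flagged[proc["pid"]] = reasons
    return flagged

# Constructed snapshot: one normal service host, and two svchost.exe
# instances started by a hypothetical dropper (one busy, one idle watcher).
SAMPLE = [
    {"pid": 700, "ppid": 600, "path": r"C:\Windows\System32\services.exe",
     "cmdline": "services.exe", "cpu_avg": 0.3},
    {"pid": 912, "ppid": 700, "path": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p", "cpu_avg": 61.0},
    {"pid": 4120, "ppid": 3000, "path": r"C:\Users\Public\setup.exe",
     "cmdline": "setup.exe", "cpu_avg": 0.1},
    {"pid": 4188, "ppid": 4120, "path": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe", "cpu_avg": 92.0},
    {"pid": 4204, "ppid": 4120, "path": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe", "cpu_avg": 0.5},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```
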