Using Windows Installer? It could be a Cryptic Crypto Mining Malware


The use of malware to mine cryptocurrencies has been a serious issue, ranging from software programs to browser malware that some websites use to mine cryptocurrencies. This is a growing concern for users of both PC and mobile devices, because most of this malware is not easily detected and users hardly realize when their devices have been hijacked for cryptocurrency mining.

This time, the hijackers have taken their acts to a whole new level by introducing malware that is completely untraceable. It is installed in the form of a Windows Installer package and then completely disappears once the installation is completed, making it impossible to find on a device even if it is scanned.

In addition, the malware is able to elude several security checks because it comes as a Windows Installer MSI file. That makes it less suspicious, since Windows Installer is a regular application used for software installation on computers. Using that name also makes it easier to run without being detected by security software on the device and increases its chance of being installed successfully.

The malware was detected as Coinminer.Win32.MALXMR.TIAOODAM by Trend Micro, a global leader in data security and cybersecurity solutions for businesses. According to their report, the malware installs itself in the directory %AppData%\Roaming\Microsoft\Windows\Template\FileZilla Server, creating it if it does not already exist.

The package also comes with a bat file, which ensures the malware is not detected by terminating any anti-malware process on the system; an ico file, posing as an icon file; and an exe, an unzipping tool used to unleash the former on the device.

Once the installation is complete, it creates three Service Host processes, the first two of which will automatically download another Windows Installer .msi file if any of the three processes gets terminated. This means the malware is there to stay once it gets on a device. It is therefore advisable to watch which software users are installing on their devices to avoid this situation.
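A defender can turn the directory and file types described above into a quick triage check. The following Python sketch is an added example, not code from Trend Micro or from this article; it assumes the path is joined under a user's AppData folder, and the placeholder file names and their contents are constructed.

```python
"""Triage an AppData tree for the drop pattern the article describes."""
import tempfile
from pathlib import Path

# Drop directory named in the article; joining it under the AppData folder is an assumption.
DROP_SUBPATH = Path("Roaming", "Microsoft", "Windows", "Template", "FileZilla Server")
DROPPED_TYPES = {".bat", ".ico", ".exe"}  # file types the article lists
ICO_MAGICS = (b"\x00\x00\x01\x00", b"\x00\x00\x02\x00")  # ICO and CUR headers


def is_real_icon(path):
    """Return True if the file starts with a valid ICO/CUR header."""
    with open(path, "rb") as fh:
        return fh.read(4) in ICO_MAGICS


def triage_appdata(appdata_root):
    """Return a list of findings for one user's AppData folder."""
    drop_dir = Path(appdata_root) / DROP_SUBPATH
    if not drop_dir.is_dir():
        return []
    findings = [f"drop directory present: {drop_dir}"]
    files = [p for p in drop_dir.iterdir() if p.is_file()]
    if DROPPED_TYPES <= {p.suffix.lower() for p in files}:
        findings.append("bat, ico and exe files sit together in the drop directory")
    for p in sorted(files):
        if p.suffix.lower() == ".ico" and not is_real_icon(p):
            findings.append(f"not a real icon: {p.name}")
    return findings


def build_constructed_sample(appdata_root):
    """Create harmless placeholder files that mimic the layout (constructed data)."""
    drop_dir = Path(appdata_root) / DROP_SUBPATH
    drop_dir.mkdir(parents=True)
    (drop_dir / "placeholder.bat").write_text("rem constructed sample\n")
    (drop_dir / "placeholder.exe").write_bytes(b"constructed sample")
    (drop_dir / "placeholder.ico").write_bytes(b"constructed, no icon header")
    return drop_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        for line in triage_appdata(root):
            print(line)
```

An empty result only means this one layout is absent; a hit is a reason to collect the files and the parent MSI for analysis, not a verdict on its own.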

Featured Photo by: Shutterstock

About the Author

Ponny
The author, Ponvang Bulus, is a cryptocurrency enthusiast, investor and writer. He is interested in trending technical, regulatory and financial issues in the crypto space and loves to write about them.