A new form of cryptominer has been discovered which crashes systems the moment antivirus products attempt to remove the malware. The malware, dubbed WinstarNssmMiner by 360 Total Security researchers, has been used in half a million attempted attacks leveraged at PCs in only three days. On Wednesday, the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency. WinstarNssmMiner is brutal code as it will crash victim PCs the moment antivirus products detect and attempt to remove it. The cryptominer launches the svchost.exe process — used to manage system services — and injects malicious code into the file. One injected process begins mining cryptocurrency while the other runs in the background to avoid detection and scan for antivirus protection. In the second stage, WinstarNssmMiner then tampers with CriticalProcess, adding a process attribute which allows the malware to crash the system at whim.

Source: zdnet

Leave a Reply

Your email address will not be published. Required fields are marked *