Newly discovered cryptojacking code is designed to kill off its rivals
Dramatic re-enactment.
Newly discovered cryptojacking code is designed to eliminate rivals and take more power for itself.
Freelance security consultant Xavier Mertens has discovered a new cryptojacking code that searches for and eliminates rivals before going to work. It's designed to hunt for other processes that use a lot of CPU cycles and kill them.
Cryptojacking is when someone unknowingly mines cryptocurrency for another person. It's not dangerous per se, but it can slow computers to a crawl by diverting their processing power to crypto mining. Cryptojackers can take a few different forms. One of the more common methods is to infect websites with malicious code that saps the processing power of those who visit the page. These have been discovered on government websites, and even running as ads on YouTube and embedded in Microsoft Word documents.
These will usually stop their mining once you leave the page, which closes the program. As such, the trickier but more valuable option for cryptojackers is to infect computers outright, so it will keep mining cryptocurrency as long as it's switched on. It's more valuable because it runs for a lot longer, but more challenging because it means actually infecting someone's computer.
That's what this particular piece of malware does. It poses as HP drivers, and the victims it searches for include a lot of ordinary Windows processes. But it also searches for a range of common cryptojacking and mining processes, and eliminates them as well.
It makes a lot of sense. There's only so much processing power to go around, and there's no point in leaving rivals around. Plus, as time goes by, it seems more likely that the easier-to-infect targets have been struck already. And in a sense, the perfect target is someone who doesn't know their machine has been infected and is happy to keep using it for a long time while unintentionally mining cryptocurrencies.
Conveniently, Mertens dissection of the murderous cryptojacker's code gives a neat list of common mining processes.
"If you find one of these processes on a host, there are chances that it is being used to mine cryptocurrencies!" he writes.
Silence Carbon xmrig32 nscpucnminer64 mrservicehost servisce svchosts3 svhosts system64 systemiissec taskhost vrmserver vshell winlogan winlogo logon win1nit wininits winlnlts taskngr tasksvr mscl cpuminer sql31 taskhots svchostx xmr86 xmrig xmr win1ogin win1ogins ccsvchst nscpucnminer64 update_windows
Cryptojacking 101: How to spot it.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, SALT, BTC and NANO.
Latest cryptocurrency news
- Bitcoin price drops as US hikes interest rates – Are they connected?
- Bitcoin up 21%: Will El Salvador’s big news kick off a fresh bull run?
- Ethereum drops 13% but experts are convinced good news around the corner
- Bitcoin price on a knife-edge, as the Death Cross looms
- Bitcoin price drops 10% over the past week: Is another drop coming?
Picture: Shutterstock
