Newly discovered cryptojacking code is designed to kill off its rivals
Dramatic re-enactment.
Newly discovered cryptojacking code is designed to eliminate rivals and take more power for itself.
Freelance security consultant Xavier Mertens has discovered a new cryptojacking code that searches for and eliminates rivals before going to work. It's designed to hunt for other processes that use a lot of CPU cycles and kill them.
Cryptojacking is when someone unknowingly mines cryptocurrency for another person. It's not dangerous per se, but it can slow computers to a crawl by diverting their processing power to crypto mining. Cryptojackers can take a few different forms. One of the more common methods is to infect websites with malicious code that saps the processing power of those who visit the page. These have been discovered on government websites, and even running as ads on YouTube and embedded in Microsoft Word documents.
These will usually stop their mining once you leave the page, which closes the program. As such, the trickier but more valuable option for cryptojackers is to infect computers outright, so it will keep mining cryptocurrency as long as it's switched on. It's more valuable because it runs for a lot longer, but more challenging because it means actually infecting someone's computer.
That's what this particular piece of malware does. It poses as HP drivers, and the victims it searches for include a lot of ordinary Windows processes. But it also searches for a range of common cryptojacking and mining processes, and eliminates them as well.
It makes a lot of sense. There's only so much processing power to go around, and there's no point in leaving rivals around. Plus, as time goes by, it seems more likely that the easier-to-infect targets have been struck already. And in a sense, the perfect target is someone who doesn't know their machine has been infected and is happy to keep using it for a long time while unintentionally mining cryptocurrencies.
Conveniently, Mertens dissection of the murderous cryptojacker's code gives a neat list of common mining processes.
"If you find one of these processes on a host, there are chances that it is being used to mine cryptocurrencies!" he writes.
Silence Carbon xmrig32 nscpucnminer64 mrservicehost servisce svchosts3 svhosts system64 systemiissec taskhost vrmserver vshell winlogan winlogo logon win1nit wininits winlnlts taskngr tasksvr mscl cpuminer sql31 taskhots svchostx xmr86 xmrig xmr win1ogin win1ogins ccsvchst nscpucnminer64 update_windows
Cryptojacking 101: How to spot it.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VEN, XLM, SALT, BTC and NANO.
Latest cryptocurrency news
- Ethereum price breaks all time high of US$1,448
- Ethereum price: Massive slide as market faces bearish pressure
- Ethereum 2.0: Roadmap, timeline and implications
- Bitcoin falls to US$34,000 as confidence in money markets improves with the Biden inauguration
- Bitcoin price lags while regulators raise fears and banks grapple
Picture: Shutterstock
