Monero HiddenMiner Can Cause Device Crash

New malware can literally destroy users' devices while mining XMR
29 March 2018

Trend Micro, a company specializing in cyber security, reports a new type of malware for Android.

Once installed, the malware mines Monero using the smartphone's processor until it exhausts all resources or the device breaks.

HiddenMiner's code contains no controller, switch or optimizer: it mines Monero continuously, right up to the point where the device overheats.

If the researchers' warnings are correct, this is not the first malicious software that can kill your smartphone: last year there was a case in which the Loapi Android malware worked a device so hard that its battery swelled and cracked the back of the device, destroying it within 48 hours.

Trend Micro reports that the new malware has some similarities with Loapi. With the help of HiddenMiner, one of its operators made 26 XMR (about $5,360) from one of the wallets.

HiddenMiner is an application on Google Play and forces users to activate it as a device administrator.

The activation prompt keeps reappearing until the victim presses the "Activate" button; once permission is granted, HiddenMiner starts mining Monero in the background.

The miner is difficult to remove because it blocks such user actions.

BlackSquid Hidden Miner to Attack US & Thai PCs

The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives; it uses different exploits and vulnerabilities
05 June 2019

Trend Micro researchers have discovered a new malware that mines the Monero cryptocurrency on users' devices, reports ZDNet.

The new mining malware, called BlackSquid, is most prevalent in Thailand and the United States. It is distributed through malicious websites, compromised web servers, network drives, and USB drives. BlackSquid uses EternalBlue, DoublePulsar, the server vulnerabilities CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and flaws in the ThinkPHP web application framework.

BlackSquid uses various tricks to stay unnoticed. For example, if the program detects that it is running in a virtualization environment, or finds debugging tools, its malicious functions are not activated.

Unnoticed, the malware installs the XMRig mining script. The attack does not end there: the program also scans the system for a video card in order to mine coins more efficiently. After infecting one computer on the network, the virus tries to spread to other systems.