Researchers Find Malicious Monero Miner in Google Play

The miner wasn't hidden: it was supposed to send XMR to the user's wallet, but sent it to the scammers' wallet instead
13 March 2018

A Monero mining application with a "defect" was found in the Google Play app store. Monero Miner did what it advertised and really mined the cryptocurrency using the computing power of Android devices, but the device owners did not get any richer from it. This was reported by the antivirus company ESET.

The mined XMR coins were sent to the scammers' addresses, not the users'.

The general mining fever helps scammers. Some of them hide the function of mining in their mobile applications for hidden mining using the users' devices. Others, on the contrary, specifically develop applications to deceive novice miners. 

Sergey Kuznetsov

Head of the technical support department, ESET Russia products and services

To date, the application has been removed from Google Play. Before that, up to 50,000 users could install it. 

BlackSquid Hidden Miner Attacks US & Thai PCs

The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives; it uses different exploits and vulnerabilities
05 June 2019

Trend Micro researchers have discovered a new malware that mines the Monero cryptocurrency on users' devices, reports ZDNet.

The new mining malware, called BlackSquid, is most prevalent in Thailand and the United States. The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives. BlackSquid uses EternalBlue, DoublePulsar, the server vulnerabilities CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and flaws in the ThinkPHP web application.

BlackSquid uses various tricks to stay unnoticed. For example, if the program detects that it is running in a virtualization environment, or finds debugging tools, the malicious functions are not activated.

Once in place unnoticed, the malware installs the XMRig mining script. The attack does not end there: the program also scans the system for a video card in order to mine coins more efficiently. After infecting one computer on the network, the malware tries to spread to other systems.