Researchers detect new malware related to cryptojacking

Check Point researchers found KingMiner, a miner that mainly targets Windows servers

The Israeli cybersecurity firm Check Point Software Technologies has identified a new strain of malware whose main trait is that it evades detection through continuously updated evasion techniques.

KingMiner is a Monero-mining malware that targets Windows servers. It was first discovered in mid-June of this year, and two improved versions were released shortly after that date.

“The attacker employs various evasion techniques to avoid emulation and detection methods and, as a result, several detection engines have observed significantly reduced detection rates. According to our analysis of sensor records, there is a constant increase in the number of attack attempts of KingMiner”, the statement said.

The "modus operandi" is as follows: first it downloads and executes a Windows Scriptlet file, which detects the CPU architecture of the infected machine. It then downloads the payload, an XML file masquerading as a ZIP file. After extracting the files, it creates new registry keys and executes an XMRig Monero-mining binary. Notably, the malware detects and removes previous versions of itself on the compromised machine.
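The masquerade described above (a payload whose name says ZIP but whose content is XML) is exactly the kind of extension/content mismatch a defender can check for on disk. The following is an added example written for this article, not code from Check Point or from the malware; the file names, the sample contents and the small set of recognised formats are constructed assumptions, and the check relies only on the first bytes of a file, which a scriptlet downloading a disguised payload cannot hide.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes ("magic") of a ZIP container: local file header,
# empty archive (end-of-central-directory only) and spanned archive.
# Anything that does not start with one of these is not a ZIP file,
# whatever its extension claims.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")


def _strip_bom_and_space(head: bytes) -> bytes:
    """Drop a UTF-8 BOM and leading whitespace so '<?xml' is found where it really starts."""
    if head.startswith(b"\xef\xbb\xbf"):
        head = head[3:]
    return head.lstrip(b" \t\r\n")


def classify_content(head: bytes) -> str:
    """Classify a file by its first bytes only, ignoring the extension.

    Returns "zip", "xml" (any document that opens with markup) or "unknown".
    """
    if head.startswith(ZIP_MAGICS):
        return "zip"
    stripped = _strip_bom_and_space(head)
    if stripped.startswith(b"<?xml") or stripped.startswith(b"<"):
        return "xml"
    return "unknown"


def check_extension_mismatch(path: str) -> dict:
    """Compare the type declared by the extension with the type detected from content."""
    with open(path, "rb") as fh:
        head = fh.read(64)
    declared = Path(path).suffix.lower().lstrip(".") or "none"
    detected = classify_content(head)
    return {
        "path": path,
        "declared": declared,
        "detected": detected,
        # Only flag when we positively recognised the content as something else.
        "mismatch": detected != "unknown" and declared != detected,
    }


def demo() -> dict:
    """Build two constructed sample files (not real malware) and check both.

    Assumed, constructed content: a genuine empty ZIP archive, and an XML
    document that has been given a .zip name, mirroring the masquerade
    described in the article.
    """
    samples = {
        "real.zip": b"PK\x05\x06" + b"\x00" * 18,  # end-of-central-directory record
        "masquerade.zip": b'\xef\xbb\xbf<?xml version="1.0"?><payload/>',
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            p = os.path.join(tmp, name)
            with open(p, "wb") as fh:
                fh.write(data)
            results[name] = check_extension_mismatch(p)
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        status = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{name}: declared={r['declared']} detected={r['detected']} -> {status}")
```

Run over a download directory or a quarantine folder, a mismatch between the declared and detected type is a cheap signal worth raising; in this example the "masquerade.zip" sample is flagged and the genuine archive is not.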

Although the individual methods the malware uses are very simple, the combination of evasion techniques it employs appears to reduce its detection rate.

The research concluded that KingMiner represents "an evolution of cryptojacking" that can bypass common detection and emulation systems.

"We predict that these evasion techniques will continue to evolve during 2019 and will become a major component of Crypto-Mining attacks", the investigation said.

K. Tovar

Source: Research.Checkpoint
