WaterMiner Monero Miner: A New Cryptominer Malware Strain
Cyber criminals are always looking for new ways to infect computers, which is why new threats are discovered almost every day. Security researchers recently detected one such threat, named WaterMiner Monero Miner. Its function is easy to guess from its name: the malware is designed to mine the Monero cryptocurrency by draining the available resources of the infected computer. This type of threat has become popular among cyber criminals because it is still unknown in many countries. It is therefore worth knowing what this threat can do on your computer.
What Can WaterMiner Monero Miner Do on Your Computer?
Like other malware, WaterMiner Monero Miner is dropped silently on the targeted system. Once it executes, it unpacks a RAR file in order to drop several other files. The malware is known to drop an executable file named “pawncc.exe”. This executable is in fact a script that results in the malware infection. Once the file is executed, a series of commands runs that downloads malware from a remote site controlled by the attacker. Research reveals that the following happens on the compromised computer:
- It checks the system to verify whether the malware has already been downloaded. If it does not find the malware, it creates the “HKLM\Software\IntelPlatform” subkey in the Windows registry, with a value named “Ld566xsMp01a” that is set to nothing.
- As noted above, the malware is downloaded from a remote server. Once the infected file has been downloaded, the infection marker is set to “loaded”. After this, the miner starts running on the infected system.
- The malicious process will not proceed if the marker is not set to “loaded”. It also means that the threat can disable the mechanism that allows users to make modifications in the Windows registry.
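The marker states in the list above can be checked on a host with a short script. This is an added example, not code from the research described here; the `WOW6432Node` path (where 64-bit Windows redirects 32-bit writes to `HKLM\Software`) and the state labels are assumptions of the example.

```powershell
# Added example: report the state of the WaterMiner registry marker on this host.
# Key and value names come from the article; state labels are this example's own.
$ValueName = 'Ld566xsMp01a'

# Second path is an assumption: on 64-bit Windows, a 32-bit process writing
# under HKLM\Software is redirected to HKLM\Software\WOW6432Node.
$KeyPaths = @(
    'HKLM:\Software\IntelPlatform',
    'HKLM:\Software\WOW6432Node\IntelPlatform'
)

function Get-WaterMinerMarkerState {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,
        [Parameter(Mandatory)] [string] $Name
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return 'KeyAbsent'                 # no trace of the marker key
    }

    $key = Get-Item -LiteralPath $KeyPath  # Microsoft.Win32.RegistryKey
    if ($key.GetValueNames() -notcontains $Name) {
        return 'KeyPresentNoMarker'        # key exists, marker value missing
    }

    $data = [string] $key.GetValue($Name)
    if ($data -eq 'loaded') {
        return 'MarkerLoaded'              # payload downloaded, miner allowed to run
    }
    if ([string]::IsNullOrEmpty($data)) {
        return 'MarkerEmpty'               # dropper ran, download not yet recorded
    }
    return 'MarkerUnexpected'              # value present with other data
}

foreach ($path in $KeyPaths) {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Key      = $path
        State    = Get-WaterMinerMarkerState -KeyPath $path -Name $ValueName
    }
}
```

Any state other than `KeyAbsent` warrants a full scan of the host, since the key is only created by the dropper.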
Research also reveals that the source code used in WaterMiner Monero Miner is identical to that of other crypto miners discovered earlier. Miners have been in use for some time and are not illegal in themselves, but threats like this one let cyber criminals do the same thing illegally. The sole purpose of this threat is to mine the Monero cryptocurrency in order to generate income for its developer.
How Does WaterMiner Monero Miner Cheat Victims?
The miner performs heavy operations on the compromised system to run the mining process, and in doing so consumes a large share of the CPU. Victims will notice that their system becomes slower and slower. To find the reason, a victim will open Task Manager to see which processes are slowing down the system. However, the attackers behind this miner have altered the original XMRig: when the user opens Task Manager or a similar app, the miner detects that app and immediately stops the mining process.
The cryptocurrency industry is growing rapidly, and at the moment it is not so complex. But researchers think that such malware will become more sophisticated in the coming days and cause more damage. Users are advised to follow precautionary measures and remove the threat using a strong anti-malware program.