Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers.
The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target machines, he wrote: “The fight for CPU cycles started!”
Pre-infection, the attack script checks whether a target machine is 32-bit or 64-bit and downloads files known to VirusTotal as hpdriver.exe or hpw64 (they're pretending to be HP drivers of some kind).
If successfully installed, the attack then lists running processes and kills any it doesn't like. Mertens noted that alongside ordinary Windows stuff, the list of death-marked processes includes many associated with cryptominers, some of which are listed below.
Mertens wrote that the script also checks for processes associated with security tools.
(Score: 2, Interesting) by Anonymous Coward on Wednesday March 07 2018, @08:28PM
i can't believe this is making the rounds now. this security expert is wayyy behind.
there have been crypto miner 'worms' evicting existing worms off consumer routers and ip cameras and stuff for a while now. couple examples of code floating about, and i believe a wallet or two was shut down as a result.
maybe i should write about the stuff i see and become an expert, but the thing is... it was posted elsewhere too. this guy is repeating yesterdays news and we get it here as well, so i am just as guilty for not posting it when it was new as I am guilty about complaining about old news being treated as new.