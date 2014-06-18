Stories
CryptoCurrency Miner Plays Hide-and-seek with Popular Games and Tools

posted by cmn32480 on Thursday June 14, @11:22AM
from the now-we-need-new-tools dept.
Security

MrPlow writes:

Submitted via IRC for SoyCow8317

When the CPU utilization on a computer is high, games become less responsive, frame rate goes down, and gameplay stutters. To diagnose these problems, users will commonly open process manager utilities such as Task Manager, Process Explorer, or Process Hacker to determine if any processes are using too much of the CPU power.

Knowing this, the developer of this mining Trojan does something pretty clever; they terminate the miner when the processes for popular games or process managers are launched. This causes the computer to appear to be operating normally when running certain games and when trying to diagnose CPU utilization.

Source: https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
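
The behavior described above leaves a trace in process start/stop logs: the same image keeps exiting within seconds of a process monitor launching. The sketch below is an added detection example, not code from the linked article or the submitter. The log format, the image name `svcupd.exe`, the 5-second window and the two-launch threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Executable names of the process monitors the story mentions (lower-cased).
MONITORS = {"taskmgr.exe", "procexp.exe", "procexp64.exe", "processhacker.exe"}

# Constructed sample: "time event image pid" records, e.g. exported from
# Sysmon process-create / process-terminate events. svcupd.exe is made up.
SAMPLE = """\
2018-06-14T10:00:00 start svcupd.exe 4100
2018-06-14T10:05:10 start taskmgr.exe 5200
2018-06-14T10:05:11 stop svcupd.exe 4100
2018-06-14T10:06:00 stop taskmgr.exe 5200
2018-06-14T10:06:30 start svcupd.exe 4388
2018-06-14T10:20:00 start notepad.exe 4900
2018-06-14T10:20:02 start procexp64.exe 6012
2018-06-14T10:20:03 stop svcupd.exe 4388
2018-06-14T10:20:40 stop notepad.exe 4900
2018-06-14T10:30:00 stop procexp64.exe 6012
2018-06-14T10:30:45 start svcupd.exe 4720
"""

def parse(text):
    """Yield (timestamp, event, image, pid) tuples from the sample format."""
    for line in text.splitlines():
        ts, event, image, pid = line.split()
        yield datetime.fromisoformat(ts), event, image.lower(), int(pid)

def find_hiders(text, window_s=5, min_hits=2):
    """Return {image: count} for images that exited within window_s seconds
    after a monitor started, on at least min_hits separate monitor launches."""
    events = sorted(parse(text))
    launches = [t for t, ev, img, _ in events
                if ev == "start" and img in MONITORS]
    hits = defaultdict(set)
    for t, ev, img, _ in events:
        if ev != "stop" or img in MONITORS:
            continue  # only exits of non-monitor processes are of interest
        for launch in launches:
            if timedelta(0) <= t - launch <= timedelta(seconds=window_s):
                hits[img].add(launch)  # count each monitor launch once
    return {img: len(ls) for img, ls in hits.items() if len(ls) >= min_hits}

if __name__ == "__main__":
    print(find_hiders(SAMPLE))
```

Requiring the coincidence on more than one monitor launch keeps a process that merely happened to exit at the same moment, such as `notepad.exe` in the sample, from being flagged.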

  • (Score: 2) by nobu_the_bard on Thursday June 14, @12:06PM (1 child)

    by nobu_the_bard (6373) on Thursday June 14, @12:06PM (#692837)

    I don't think this is all that exceptional. Maybe because this trick works even if the malware is only running in userspace.

    I've seen tons of infected Virtual Machines where none of the tools used on the VM itself showed any abnormal CPU usage, outgoing connections, or high memory use, despite having poor responsiveness. Then you look at the host system, and can easily show the machine has 100% CPU utilization, tons of active connections, and heavy memory use. It's been a while since I let a system get that bad though; have really clamped down the availability of admin rights even on VMs.

    • (Score: 0) by Anonymous Coward on Thursday June 14, @12:43PM

      by Anonymous Coward on Thursday June 14, @12:43PM (#692853)

      Cool story, grandpa. How often do you run popular games in a VM, Mr Non Gamer?

