Hidden mining malware is often disguised as textbooks and abstracts
Kaspersky Lab has discovered that some malicious programs for hidden mining are disguised as rare textbooks or ready-made works, or come bundled with them.
An analysis of infections among Kaspersky users involving files on school and student topics identified 233 thousand cases in which infected books and abstracts were downloaded to computers. More than 30 thousand users tried to open these files.
Among the multitude of "unpleasant surprises", the researchers discovered several programs that mine cryptocurrency for their owners using the computing power of an infected PC. These are the WinLNK.Agent.gen and Win32.Agent.ifdx loaders.
The first is hidden in an archive with a shortcut to a text file and is activated when you open it, after which it starts downloading malicious components. Usually these are scripts for hidden mining, adware and more dangerous programs.
Win32.Agent.ifdx is more common and is usually disguised as textbooks, abstracts and other finished works in DOC, DOCX or PDF format. Outwardly it looks like a regular document, and when launched it even opens a text file to distract the victim's attention from suspicious activity, while miners, banking Trojans, ransomware and other unwanted objects are actively downloaded to the PC.
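A downloaded archive can be triaged for both disguises described above by comparing each member's name with its leading bytes. The Python below is an added example, not Kaspersky's detection logic: the signals it checks (a shortcut member, an MZ header, a document extension followed by an executable one) are assumptions about how such disguises present, and the sample archive is constructed and harmless.

```python
import io
import os
import zipfile

# Well-known file signatures (magic bytes).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")  # Shell Link header
PE_MAGIC = b"MZ"                                                        # Windows executable
DOC_MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04",
             ".doc": bytes.fromhex("d0cf11e0a1b11ae1")}
EXEC_EXT = {".exe", ".scr", ".com", ".pif"}

def triage_archive(data: bytes) -> dict:
    """Return {member name: [reasons]} for suspicious members of a ZIP archive."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            stem, ext = os.path.splitext(info.filename.lower())
            reasons = []
            if ext == ".lnk" or head.startswith(LNK_MAGIC):
                reasons.append("windows-shortcut")      # shortcut posing as a text file
            if head.startswith(PE_MAGIC):
                reasons.append("pe-executable")         # program, whatever the name says
            if ext in EXEC_EXT and os.path.splitext(stem)[1] in DOC_MAGIC:
                reasons.append("double-extension")      # e.g. name.docx.exe
            if ext in DOC_MAGIC and not head.startswith(DOC_MAGIC[ext]):
                reasons.append("content-mismatch")      # not the format the name claims
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample() -> bytes:
    """Constructed, harmless archive: file headers only, no working payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("physics_textbook.pdf", b"%PDF-1.4\n% constructed sample\n")
        zf.writestr("essay.txt.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("abstract.docx.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("thesis.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in triage_archive(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```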
Pirated books and ready-made abstracts can help save time and money, but the process of finding them can lead to unwanted consequences.
Earlier we reported on a new virus for hidden mining that hides from the task manager.
text: Ivan Malichenko, photo: unsplash