News Researchers Say KingMiner Malware Is Evolving

Researchers Say KingMiner Malware Is Evolving


- Advertisment -

November 30, 2018 11:01 PM

The malware can delete old versions of itself to evade detection.

Two researchers from Israel-based Check Point Software Technologies Ltd. have revealed that a type of crypto mining malware is “evolving” to avoid detection, according to research notes published on November 29.

The research done by Ido Solomon and Adi Ikan centered around a type of crypto mining malware called KingMiner. As per the research notes, KingMiner emerged in June 2018, and specifically targets Microsoft servers, usually seeking out servers using “IIS or SQL,” to mine Monero tokens.

According to Solomon and Ikan, “The attacker employs various evasion techniques to bypass emulation and detection methods, and, as a result, several detection engines have noted significantly reduced detection rates.”

Once KingMiner infects a server, it tries to guess the password. When the password is obtained, the malware then downloads and executes a Windows scriptlet file. In order to avoid detection, KingMiner searches for and deletes older versions of itself, then replaces them with new versions that can bypass code emulation, which is a method for detecting malware.

Solomon and Ikan found that the attacker uses three other features to avoid monitoring and detection: a private mining pool with the application programming interface turned off, a wallet not used in public mining pools, and private domains. This drastically reduces the rate at which anti-malware software can detect and remove KingMiner from infected servers.

KingMiner malware has infected servers globally, including in Mexico, India, Norway, and Israel.

Solomon and Ikan conclude their research with a warning:

“KingMiner is an example of evolving Crypto-Mining malware that can bypass common detection and emulation systems. By implementing simple evasion techniques, the attacker can increase the probability of a successful attack. We predict that such evasion techniques will continue to evolve during 2019 and become a major (and more common) component in Crypto-Mining attacks.”

With the proliferation of cryptocurrency, mining malware has become commonplace. In July 2017, ETHNews reported that servers at San Francisco State University had been infected with bitcoin-mining malware. In February of this year, we reported that more than 4,000 websites – including government-run sites – in the US and the UK were hijacked by crypto mining malware. And, just Wednesday, November 28, Kaspersky Lab issued a report warning of the dangers of new crypto-mining malware.

Nathan Graham is a full-time staff writer for ETHNews. He lives in Sparks, Nevada, with his wife, Beth, and dog, Kyia. Nathan has a passion for new technology, grant writing, and short stories. He spends his time rafting the American River, playing video games, and writing.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest KingMiner, malware or other Ethereum technology news.

Source link


Please enter your comment!
Please enter your name here

Latest news

GoCrypto presents truly contactless payments with a simple solution for merchants and buyers

7 April 2020 — The recent events have rapidly changed the way we live, including our shopping...

Bitcoin SV has found a new niche in the gaming industry

Gaming companies and online casinos are increasingly paying attention to cryptocurrencies as a possible payment tool. Several...

Why could GLBrain become a great solution to receive support during the crisis?

To support smaller and medium-sized businesses during the ongoing crisis, GLBrain offers services cost-free for all Austrians....

Make Fast and Secure Trades Using is a Cryptocurrency trading platform that allows users to buy and sell their Cryptocurrency in a...
- Advertisement -Researchers Say KingMiner Malware Is Evolving

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you