LoudMiner Cryptomining Malware Targets Powerful Audio Creation PCs (Jun 21, 2019)
Researchers at ESET have identified a cryptocurrency miner, named “LoudMiner”, that uses virtual machines to run on Windows and macOS. The malware, which is based on the “XMRig” miner, is spreading through a website containing cracked (free/illegal) copies of Virtual Studio Technology (VST) software. Machines running VST software are targeted because the software itself needs high CPU usage, which allows the malware to run without being immediately suspicious. Using a virtual machine, a Linux XMRig cryptominer is run on infected machines to steal cryptocurrency.
Recommendation: Cryptocurrency miners cause high CPU usage; therefore, if the fans on a machine seem to be always running, the activity/task manager should be checked to see whether a miner is running without the user's knowledge. In addition, it is not uncommon for cryptocurrency mining malware to be distributed via malicious plugins/add-ons that impersonate legitimate software. Therefore, it is important that your employees are educated about such tactics and that policies regarding which software is allowed on work machines are in place.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.