Doctor Web warns of a miner Trojan downloaded instead of a program update

Mahesh Sudula

Sep 3, 2017
Cybercriminals used different methods to distribute malicious software. Amongst these was a standard update mechanism. Trojan.Encoder.12544 (aka Petya, Petya.A, ExPetya and WannaCry-2) and BackDoor.Dande used such a mechanism. In this article, we are going to focus on another similar incident thoroughly examined by Doctor Web specialists.

One of our users informed our technical support that Dr.Web Anti-virus constantly detected and deleted an application for mining cryptocurrency. An examination of the Anti-virus logs showed that the miner hid in the temporary folder on the infected computer. In addition, the application attempted to connect with an IP address corresponding to the website of the Astrum Soft company, the manufacturer of “Kompiuternyi Zal”. This software is designed to automate computer clubs and cybercafes.

Officially, a function for mining cryptocurrency exists in the application. Users can enable it when computers are idle.

Nevertheless, further research showed that a miner which bothered the user and not the “Kompiuternyi Zal” application had been hidden. The miner was added to the Dr.Web virus databases as Trojan.BtcMine.2869. This Trojan was automatically downloaded from the servers of the Astrum Soft company via the update mechanism of the “Kompiuternyi Zal” program. The Trojan then installed itself into the system.

Read more:

Doctor Web warns of a miner Trojan downloaded instead of a program update
 