Malware News KingMiner malware hijacks the full power of Windows Server CPUs

silversurfer

Cryptojacking, which most often involves mining for Monero (XMR) and Ethereum (ETH), can be difficult to detect if CPU usage theft is limited, and as funds are transferred to attacker wallets in real-time, these techniques are becoming more popular with attackers who may have in the past relied on ransomware, which is not guaranteed to provide an illegal payout.

On Thursday, researchers from Check Point said in a blog post that one such form of cryptomining malware, known as KingMiner, first appeared in June this year and is now out in the wild as a new-and-improved variant.

The malware generally targets IIS/SQL Microsoft Servers using brute-force attacks in order to gain the credentials necessary to compromise a server. Once access is granted, a .sct Windows Scriptlet file is downloaded and executed on the victim's machine.

This script scans and detects the CPU architecture of the machine and downloads a payload tailored for the CPU in use. The payload appears to be a .zip but is actually an XML file which the researchers say will "bypass emulation attempts."
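A defender-side check for the disguise described in the post above, as an added example that is not part of the original post or of Check Point's research: it flags files named .zip whose header is not a ZIP signature and reports when the content looks like XML instead. The function names and sample files are constructed for illustration, and only the first 64 bytes of each file are inspected.

```python
import os
import tempfile

ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")  # local header, empty, spanned

def sniff(head: bytes) -> str:
    """Classify a file from its first bytes: 'zip', 'xml' or 'other'."""
    if head.startswith(ZIP_MAGICS):
        return "zip"
    # Decode just enough to see the first markup character, honouring a BOM.
    if head.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = head.decode("utf-16", errors="replace")
    else:
        text = head.decode("utf-8-sig", errors="replace")
    text = text.lstrip()
    if text.startswith("<?xml") or (text.startswith("<") and text[1:2].isalpha()):
        return "xml"
    return "other"

def triage(path: str) -> dict:
    """Compare a file's extension with what its header says it is."""
    with open(path, "rb") as fh:
        actual = sniff(fh.read(64))
    ext = os.path.splitext(path)[1].lower()
    return {"path": path, "content": actual, "mismatch": ext == ".zip" and actual != "zip"}

def scan(directory: str) -> list:
    """Return triage results for every file named .zip that is not a ZIP."""
    paths = (os.path.join(r, n) for r, _d, names in os.walk(directory) for n in names)
    return [t for t in map(triage, paths) if t["mismatch"]]

def demo() -> list:
    """Write constructed sample files to a temp dir and scan them."""
    samples = {  # constructed inputs, not real malware artefacts
        "real.zip": b"PK\x05\x06" + b"\x00" * 18,   # valid empty archive
        "disguised.zip": b'<?xml version="1.0"?><data>constructed</data>',
        "bom.zip": b"\xef\xbb\xbf<data/>",          # XML behind a UTF-8 BOM
        "notes.xml": b"<notes/>",                   # honest extension, not flagged
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return sorted((os.path.basename(t["path"]), t["content"]) for t in scan(tmp))

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: named .zip but content looks like {kind}")
```

Pointing `scan()` at a download or temp directory on a server gives a quick list of extension/content mismatches to review.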