WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools

spaceoctopus

Cryptocurrencies have hit the headlines again this week, but this time it is not for good reasons. Nicknamed “WannaMine”, a new malware variant has been taking over computers around the world, hijacking them to mine a cryptocurrency called Monero.

WannaMine was first discovered by Panda Security in October last year, but the malware is only just coming to the attention of the general public, thanks to a number of high-profile infections. But unlike other malware variants, WannaMine is proving particularly hard to detect and block.
 
Deleted member 65228

No surprise there, it just increases CPU usage, hardly a malicious behaviour. The only trigger is that it connects out to send data, but apps do that all the time.
The intent is malicious.

Crypto-currency miners which are pushed by attackers with the intention of generating income without the user knowing/being able to disable it are malicious software; it proves the intent is malicious and the behaviour is malicious. If someone downloads something claiming to be something that it isn't, then that's malicious (and commonly referred to as a "Trojan" for pretending to be something it isn't).

Increasing CPU usage is definitely malicious, and the intent is to use the target's system resources to generate income for the people responsible, without the user being aware. Usage of the CPU, GPU and other resources will reduce lifetime and it could go on for months on end without the average Joe noticing unless their security solution interrupts. As well as this, due to system resources being used up by the malicious software, the system can behave in a slower manner.

People don't buy systems so a malicious attacker can generate income from their resources.

Crypto-currency malware is... Exactly that. Crypto-currency malware. Some crypto-currency malware has more complex techniques embedded within it, such as Heaven's Gate, designed to trick security solutions using user-mode hooks which do not cover interception of WOW64 (which is very interesting indeed).

If your system resources start rocketing for no reason, it's a sign of crypto-currency mining occurring in the background without you being aware. Attackers have even found ways to embed malicious JavaScript for crypto-currency malware via YouTube AdSense advertisements now as well, and compromised websites which receive a lot of traffic may also have mining capabilities injected into them nowadays.
 
