XiaoBa Ransomware Retooled as Coinminer But Manages to Ruin Your Files Anyway

[Faybert]

Content source

https://www.bleepingcomputer.com/news/security/xiaoba-ransomware-retooled-as-coinminer-but-manages-to-ruin-your-files-anyway/

The authors of the XiaoBa ransomware have retooled their malware's code into a cryptocurrency miner (coinminer).

Unfortunately, despite not encrypting files anymore, the XiaoBa coinminer still destroys users' data thanks to a series of bugs that primarily corrupt a user's executable files.
History of the XiaoBa ransomware

The XiaoBa ransomware is one of those ransomware strains that's been active on the malware scene for months, but very few people have heard of it, mainly because it was never at the center of a mass distribution campaign.
.....
.....

New (faulty) XiaoBa version discovered

But now, Trend Micro researcher say they identified what appears to be a modified version of the XiaoBa ransomware, but coded to work as a file infector and cryptocurrency miner.

You'd think that XiaoBa getting converted into a coinminer is a good thing. However, it is not so. This new XiaoBa coinminer contains sloppy code that destroys user files and will crash PCs.

The reason this happens is because of the XiaoBa "file infector," a component that scans the local file system and appends the XiaoBa malware to other files.

According to Trend Micro experts, the current version of the XiaoBa coinminer will inject a copy of itself and the legitimate XMRig cryptocurrency mining software inside all EXE, COM, SCR, and PIF files found on an infected computer.
........
........