Coin Miner Archives – Gridinsoft Blog

GuptiMiner Use eScan to Spread Miners and Backdoors

GuptiMiner hijacks eScan antivirus updates to deploy backdoors and mine cryptocurrency.

A recent report by Avast researchers identified an old-timer malware called GuptiMiner. It uses the eScan antivirus update mechanism to stealthily inject backdoors and cryptocurrency mining programs into users’ computer systems and large corporate networks. This is further evidence that cybercriminals are adapting their techniques to bypass modern security measures. Let’s look at the situation.… Continue reading GuptiMiner Use eScan to Spread Miners and Backdoors

OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes

OpenMetadata vulnerabilities are exploited to mine cryptocurrency

Microsoft security blog reports that the OpenMetadata platform has critical vulnerabilities that allow attackers to exploit Kubernetes workloads for crypto mining. Five vulnerabilities allow attackers to bypass authentication and execute Remote Code Execution. Microsoft recommends updating to OpenMetadata and employing robust authentication measures. OpenMetadata Vulnerabilities Threats Kubernetes Workloads, Actively Exploited According to the recent Microsoft… Continue reading OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes

Hellminer.exe Coin Miner

Hellminer.exe is a process related to a malicious miner

Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system much less responsive. Let’s figure out what this process is, and how to get rid of it.

Bitfiat Process High CPU – Explained & Removal Guide

Have you opened Task Manager and found the Bitfiat high CPU usage? Here is the way to solve this.

Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as much resources as it can, making the system impossible to use. Let’s see what this malware is, and how to remove it. Bitfiat Overview The Bitfiat process is related to the activity of a malicious coin miner.… Continue reading Bitfiat Process High CPU – Explained & Removal Guide

WinRing0x64.sys Process – What is It? Can I Delete?

Everything is poison and the whole medicine, the difference only in the application

WinRing0x64.sys is a low-level driver that is used by specific applications. The file is not malicious, though, but malware can abuse this driver. Next, we will find out who uses WinRing0x64.sys and why and answer the question of whether it can be removed. WinRing0x64 Overview WinRing0x64.sys is a crucial software component that allows applications to… Continue reading WinRing0x64.sys Process – What is It? Can I Delete?

Aluc Service: What Is Aluc App & How to Remove?

Aluc Service appears to be a malicious service related to a coin miner virus

Aluc Service is a strange service you can spectate in the Task Manager. It is, in fact, a malware-related process that hides behind a legitimately-looking name. Most commonly, such a trick is done by coin miner malware and rootkits. What is Aluc Service? At a glance, Aluc Service may look like a legit service among… Continue reading Aluc Service: What Is Aluc App & How to Remove?

KmsdBot malware combines DDoS-attacks and coin mining

KmsdBot malware is a coin miner with the DDoS capabilities

A new malware, called KmsdBot, strikes user devices. The Akamai SIRT has discovered a new malware that uses the SSH (Secure Shell) protocol to infiltrate target systems in order to mine cryptocurrency and carry out DDoS attacks. It spreads disguised as a bot for popular games, in particular, GTA V. The combined threat raises malware… Continue reading KmsdBot malware combines DDoS-attacks and coin mining

Extension spoofing strikes Spanish-speaking countries

Phishing email that aims to install malware on your PC

An old-good form of malware disguisment sparked recently in several Spanish-speaking countries across the globe. Users note numerous cases of email attachments with spoofed file extensions, that appear to be coin miner trojans. Massive outbreak of extension spoofing in email spam Email spam is a form of malware spreading that became very popular at the… Continue reading Extension spoofing strikes Spanish-speaking countries

Clipminer – a Million Dollar Clipboard Hijacking Coinminer

Clipminer Malware A bizarrely efficient botnet cryptocurrency miner has been revealed by Symantec security experts. Besides its classic mining function, it has a feature of clipboard hijacking, thence comes the name of this malware – “Clipminer.” That feature alone has brought its developers approximately $1.7M. Let’s begin with the insertion. The Trojan-carried WinRAR archive originates… Continue reading Clipminer – a Million Dollar Clipboard Hijacking Coinminer

A WSO2 Vulnerability is Fraught with Remote Code Execution

The products by WSO2, an open-source API, applications, and web services provider, have been attacked in the wild through the CVE-2022-29464 vulnerability detected back in April 2022. This vulnerability allows attackers to execute malicious code remotely via unhindered file uploading. The scheme of the attack begins with web shell installation through *.jsp or *.war files… Continue reading A WSO2 Vulnerability is Fraught with Remote Code Execution