Researchers at the Israeli firm Check Point Software Technologies claim that they have discovered a new kind of hidden miner who is able to “develop.” This is reported on the company’s website.
This program was discovered about six months ago and then the main function of the malware was only the Monero cryptocurrency mining. However, over time, the miner “learned” to find older versions of the program on the victim’s computers and replacing them with the current ones. This approach, experts from Check Point believe avoids the detection of antivirus software.
“This malware constantly adds new ways and methods of avoiding detection” experts say.
The program focuses primarily on Microsoft servers, including IIS \ SQL. Hidden miner uses for its needs up to 100% of the victim’s processor power. In addition, to maintain secrecy KingMiner uses a private mining pool.
“We have not yet determined the domains used by the pool, since they are also private. Nevertheless, we see that the current scale of attacks is enormous, from Mexico to India, from Norway to Israel” – the researchers note.
Recall, the Acronis recently introduced a solution to protect against hidden mining.