Security News

Potentially Unwanted Programs secretly serve Bitcoin miner

Potentially Unwanted Programs secretly serve Bitcoin miner: The value of the Bitcoin for a few days has passed the psychological threshold of one thousand dollars, confirming its growth trend, the attention in the virtual currency scheme is at the highest levels and cybercriminals are exploiting new ways to monetize the unprecedented surge.

Blackmarket is proposing new exploit kits, like Atrax, that could be used to infect victims with the purpose to steal Bitcoin wallets or to abuse of the computational resources of the victims for Bitcoin mining.

Recently security experts at Malwarebytes alerted the security community on the diffusion of Potentially Unwanted Programs (PUPs) including search agents and Toolbars, that are bundled with malware having mining capabilities.

“This time, however, we are taking a look at a PuP that installs a Bitcoin miner on the user system, not just for a quick buck but actually written into the software’s EULA. This type of system hijacking is just another way for advertising based software to exploit a user into getting even more cash.” states the blog post on Malwarebytes website.

The experts have discovered a malware instance that utilizes victims’ computing resources for Bitcoin mining, in particular it uses ‘jhProtominer’ a popular mining software that runs via the command line, to abuse the CPUs and GPUs of the infected machine.

On November  22th researchers at Malwarebytes received a request for assistance from users about an anomalous behavior of a file, titled “jh1d.exe” that was taking up 50% of the system resources. The file in reality was the Bitcoin Miner “jhProtominer”. The experts also discovered that jhProtominer wasn’t the miner recreating its own file and executing but a parent process known as “monitor.exe”, Monitor.exe was created by a company known as Mutual Public, which is also known as We Build Toolbars, LLC or WBT.