CATEGORIES
home News

NSA DoublePulsar Trojan Turns Infected PCs Into Monero Cryptocurrency Mining Zombies

by Brandon HillThursday, June 22, 2017, 03:49 PM EDT

Cryptocurrency like Bitcoin and Ethereum are big business these days. While Bitcoin has received the lion’s share of the attention since its introduction in 2009, Ethereum is poised to overtake it in market cap in the near term.

With all of the momentum in the cryptocurrency mining market — and the hardware that helps make it possible — it should come as no surprise that nefarious parties are looking to take advantage of unsuspecting users. Unfortunately, these bad actors are making use of the NSA’s leaked DoublePulsar trojan which is a particularly nasty piece of malware.

monero

It all starts with Trojan.DownLoader24.64313, which is downloaded to a computer via a backdoor provided by DoublePulsar. Once on a user’s PC, the downloader installs the Trojan.BtcMine.1259 malware. Once that's installed, it performs a few checks and if the coast is clear, it loads itself into memory.

When activated, Trojan.BtcMine.1259 uses a PC’s resources to mine for Monero (XMR) cryptocurrency.  According to Dr. Web, a Russian developer of antivirus software, the Trojan.BtcMine.1259 includes both 32-bit and 64-bit binaries so that it can take full advantage of your processing hardware. The alert bulletin notes: 

This module’s configuration indicates how many of the processor’s kernels and computing resources will be used for cryptocurrency mining, the intervals with which the miner will automatically restart, and other parameters. The Trojan tracks running processes on the infected computer and shuts itself down when an attempt is made to launch the Task Manager.

Earlier this month, we learned about the Linux.MulDrop.14 malware that was taking advantage of Raspberry Pi devices that didn’t have their default passwords changed. It should be noted, however, that due to the relatively low computing power of these targeted devices, it’s unlikely that an attacker would have much to gain financially from hijacking the Raspberry Pi.

“If the entire Mirai botnet of 2.5 million IoT devices was furiously mining bitcoin, it's total earnings would be $0.25 (25 cents) per day,” wrote Errata Security in mid-April.

However, with this new mining malware targeting PCs, obviously the end result is a much more lucrative value proposition for anyone trying to take advantage of the exploit. It's still unknown how the trojan actually is pushed to a target PC, beyond traditional phishing mediums and the like. 

(Image Source: monero.how)

Tags:  bitcoin, cryptocurrency, monero, ethereum, doublepulsar
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment