Posted on July 8, 2018 at 7:29 AM

Just when you think there is no way that perpetually advancing harmful software could become any more wicked, it acquires the ability to choose how to harm your computer, depending on what’s installed on it. The responsible hackers obviously want to capitalize on the rise of cryptocurrency-mining malware and combine it with the usual attacks. If the infected machine contains a bitcoin wallet, the intelligent malware will equip it with file-encrypting ransomware.

If, on the other hand, no such pre-existing folder is found, and the machine is capable of mining, a miner will be installed in order to use the power of the machine to generate cryptocurrency. As malware analyst Orkhan Mamedov said, it is a typical relationship between a criminal and his victim. The ultimate goal is, as always, to make a profit – either by direct extortion or by illegal use of the user’s resources. The malware belongs to the Rakhni family, which has been on the market since 2013 and has perpetually tested the patience and technology of both analysts and regular users.

The process of infection

There is nothing special about how this malware initially arrives – just like many similar ones, the Rakhni assault starts with a phishing email sent to possible victims. In this case, they are mostly located in Russia, with 9 percent of spam also being written in Russian. The emails are made to look like messages regarding financial transactions, and they come with an attached Word document, where the dangerous software lurks.

The user is, naturally, prompted to enable editing, so that the malicious content can become active and ensure infection. Afterward, the user is encouraged to open the embedded PDF document, which is never actually opened. Instead, the malicious software is launched and the computer is infected with the aforementioned malware.
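One way a defender could triage such an attachment before anyone opens it, as an added example that is not from the original article. It assumes the attachment is a .docx (zip) container with embedded objects under `word/embeddings/` and that the decoy is an executable labelled as a PDF; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

DOS_STUB = b"This program cannot be run in DOS mode"

def classify_payload(data: bytes) -> str:
    """Classify embedded-object bytes by content, not by the displayed name.
    Heuristic raw-byte search; it does not parse the OLE container itself."""
    if b"MZ" in data and DOS_STUB in data:
        return "executable"
    if b"%PDF-" in data:
        return "pdf"
    return "other"

def triage_docx(docx_bytes: bytes) -> list:
    """Return (member, claims_pdf, kind, suspicious) per embedded object."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.startswith("word/embeddings/"):
                continue
            data = zf.read(name)
            lowered = data.lower()
            # The label may be stored as ANSI or UTF-16 text inside the object.
            claims_pdf = b".pdf" in lowered or ".pdf".encode("utf-16-le") in lowered
            kind = classify_payload(data)
            findings.append((name, claims_pdf, kind, kind == "executable"))
    return findings

def build_sample(payload: bytes) -> bytes:
    """Constructed sample: a minimal .docx-like zip with one embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", b"invoice.pdf\x00" + payload)
    return buf.getvalue()

# Constructed, inert byte strings standing in for real payloads.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60 + DOS_STUB
REAL_PDF = b"%PDF-1.4\n% constructed sample\n"

if __name__ == "__main__":
    for label, blob in (("decoy", FAKE_EXE), ("benign", REAL_PDF)):
        for finding in triage_docx(build_sample(blob)):
            print(label, finding)
```

An object that claims to be a PDF but classifies as an executable is the mismatch worth escalating.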

When installed, Rakhni checks out the environment in order to decide whether to install ransomware or a miner. As said before, if the wallet is already installed, ransomware is downloaded and executed, which automatically means files are encrypted with an awkward extension, after the computer has been idle for two minutes.

Every possibility is covered

If a cryptocurrency wallet is missing, a miner is downloaded and installed, even being disguised as a Microsoft Corporation certificate. If by any chance the compromised computer does not accept the installation of either ransomware or a miner, Rakhni doesn’t give up – it copies itself onto other machines connected to the network in an effort to perform its harmful mission.

Even though the attacks by ransomware have somewhat decreased, they are still a clear and present danger for regular users. However, the introduction of the miner shows that hackers are open to new techniques, especially the ones that secure a high level of anonymity, such as mining. The fact that the software itself can decide what to do and how to approach the machine it wants to invade shows how helpless people really are when faced with this menace.

Summary

- The New Generation of Malware Chooses How to Attack

Description

The responsible hackers obviously want to utilize the ascent of the cryptocurrency-mining harmful software and combine it with the usual attacks. If the infected machine contains a bitcoin wallet, the intelligent malware will equip it with file-encrypting ransomware.

Author


Ali Raza

Publisher Name


Koddos
