ESET, a global leader in IT security, today
announced that its researchers have discovered an unusual cross-platform
cryptocurrency miner called LoudMiner. LoudMiner uses virtualization software –
QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows – to mine
cryptocurrency on a Tiny Core Linux virtual machine.

LoudMiner comes bundled in pirated copies of a type of audio software
plugin interface called VST (Virtual Studio Technology). LoudMiner then uses
the compromised machines to mine cryptocurrency and uses SCP (Secure File Copy)
with an embedded username and private SSH key to self-update.

“LoudMiner targets audio applications, given the machines running these
applications often have a higher processing power,” said Marc-Etienne M.
Léveillé, senior malware researcher, ESET. “These applications are typically
complex and have a high CPU consumption, so users will not find this activity
unusual. Using virtual machines instead of another leaner solution is quite
remarkable, and is not something we have typically seen before,” added
Léveillé.

ESET has observed that LoudMiner has been in use since August 2018.

To protect yourself, ESET strongly recommends never downloading pirated
copies of commercial software. ESET also advises users to beware of popups from
unexpected “additional” installers, higher CPU consumption, as well as new
services and connections from curious domain names.

For more details, read the full research report, “LoudMiner: Cross-platform
mining in cracked VST software”, on WeLiveSecurity.com.