Check Point Software Detects ‘KingMiner’ Cryptojacking Malware Is Evolving Amongst Crypto Mining Bots
Just When You Thought It Was Safe To Go Into Mining: New Mining Malware Seen To ‘Evolve’ According To Researchers
According to new research by the Israel-based cybersecurity company Check Point Software Technologies, a new form of crypto mining malware, referred to as ‘KingMiner’, is seen to be ‘evolving’.
This news is according to research published by the firm on Thursday. Two of the firm's researchers, Ido Solomon and Adi Ikan, stated that KingMiner is a type of malware that mines the Monero cryptocurrency and emerged about six months ago.
When the researchers refer to it as evolving, they mean the way in which it changes over time in order to avoid detection. It even replaces older versions of itself that it encounters on host machines, upgrading its counterparts to help them avoid detection.
The researchers said:
“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation.”
Because of these tactics, the malware minimizes its chances of being detected by security systems, reducing the rate at which it is discovered ‘significantly’.
The malware primarily targets Microsoft-based servers (mostly IIS / SQL servers), and is developed to harness 75 percent of a victim machine's processing power while leaving the remainder intact. At times, however, it manages to harness 100 percent of the victim's processing power.
One of the more covert ways that it masks its visibility to suspicious users and software is by hiding behind a private mining pool, which also has its API switched off.
“We have not yet determined which domains are used, as this is also private. However, we can see that the attack is currently widely spread, from Mexico to India, Norway and Israel,” the researchers go on to explain within the research paper.
Citing this continued capability to change, evolve and update contemporary programs, they went on to predict that these same evasive techniques will continue to evolve across 2019, becoming increasingly common across different crypto-mining malware variants.