
NSA DoublePulsar Trojan Turns Infected PCs Into Monero Cryptocurrency Mining Zombies

Cryptocurrencies like Bitcoin and Ethereum are big business these days. While Bitcoin has received the lion’s share of the attention since its introduction in 2009, Ethereum is poised to overtake it in market cap in the near term.

With all of this attention shifting to cryptocurrency mining, and the hardware that helps make it possible, it should come as no surprise that nefarious parties are looking to take advantage of unsuspecting users. Unfortunately, these bad actors are making use of the NSA’s leaked DoublePulsar trojan.

It all starts with Trojan.DownLoader24.64313, which is downloaded to a computer via a backdoor provided by DoublePulsar. Once on a user’s PC, the downloader installs the Trojan.BtcMine.1259 malware. Once installed, it performs a few checks and if the coast is clear, it loads itself into memory.

When activated, Trojan.BtcMine.1259 uses a PC’s resources to mine the Monero (XMR) cryptocurrency. According to Dr. Web, Trojan.BtcMine.1259 includes both 32-bit and 64-bit binaries so that it can take full advantage of your processing hardware. Dr. Web writes:

This module’s configuration indicates how many of the processor’s kernels and computing resources will be used for cryptocurrency mining, the intervals with which the miner will automatically restart, and other parameters. The Trojan tracks running processes on the infected computer and shuts itself down when an attempt is made to launch the Task Manager.
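The shutdown-on-Task-Manager behaviour in the Dr. Web quote is itself a detectable pattern: a process that burns CPU for a sustained period and then exits within seconds of taskmgr.exe starting. The following is an added example, not code from the article or from Dr. Web, that applies this correlation to process telemetry; the event tuples, the image name updater32.exe, and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the article):
# (seconds, event, pid, image, cpu_percent)
SAMPLE_EVENTS = [
    (0,  "start", 410,  "svchost.exe",   0),
    (1,  "start", 977,  "updater32.exe", 0),   # hypothetical miner image name
    (10, "cpu",   977,  "updater32.exe", 96),
    (10, "cpu",   410,  "svchost.exe",   3),
    (20, "cpu",   977,  "updater32.exe", 97),
    (30, "cpu",   977,  "updater32.exe", 95),
    (31, "start", 1500, "taskmgr.exe",   0),
    (32, "stop",  977,  "updater32.exe", 0),   # exits right after Task Manager opens
    (40, "cpu",   410,  "svchost.exe",   2),
    (90, "stop",  1500, "taskmgr.exe",   0),
    (95, "stop",  2200, "notepad.exe",   0),   # unrelated exit, no launch nearby
]

def find_taskmgr_evaders(events, window=5.0, cpu_threshold=80.0, min_samples=3):
    """Return sorted (pid, image) pairs for processes that showed sustained
    high CPU and then exited within `window` seconds of a taskmgr.exe launch."""
    high_cpu = defaultdict(int)   # pid -> number of samples at/above threshold
    taskmgr_starts = []           # timestamps of Task Manager launches
    hits = set()
    for ts, kind, pid, image, cpu in sorted(events, key=lambda e: e[0]):
        name = image.lower()
        if kind == "cpu" and cpu >= cpu_threshold:
            high_cpu[pid] += 1
        elif kind == "start":
            high_cpu.pop(pid, None)   # PID reuse: drop the old process's history
            if name == "taskmgr.exe":
                taskmgr_starts.append(ts)
        elif kind == "stop" and name != "taskmgr.exe":
            near = any(0 <= ts - t <= window for t in taskmgr_starts)
            if near and high_cpu.get(pid, 0) >= min_samples:
                hits.add((pid, image))
            high_cpu.pop(pid, None)
    return sorted(hits)

if __name__ == "__main__":
    for pid, image in find_taskmgr_evaders(SAMPLE_EVENTS):
        print(f"suspicious: pid={pid} image={image} exited on Task Manager launch")
```

A miner that restarts on an interval, as the quoted configuration allows, would produce this pattern repeatedly, so repeated hits for the same image are a stronger signal than a single one.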

Earlier this month, we learned about the Linux.MulDrop.14 malware that was taking advantage of Raspberry Pi devices that didn’t have their default passwords changed. It should be noted, however, that due to the relatively low computing power of the targeted devices, it’s unlikely that an attacker would have much to gain financially from hijacking the Raspberry Pi.

“If the entire Mirai botnet of 2.5 million IoT devices was furiously mining bitcoin, its total earnings would be $0.25 (25 cents) per day,” wrote Errata Security in mid-April.

(Image Source: monero.how)
