AcruxMiner Virus - Hvordan fjernes aktive infektioner
TRUSSEL FJERNELSE

AcruxMiner Virus - Hvordan fjernes aktive infektioner

Dette blogindlæg er blevet skabt for at hjælpe med at forklare, hvad der er den AcruxMiner miner app and how you can try and remove it and prevent it from mining Monero cryptocurrencies on your computer.

En ny, very dangerous cryptocurrency miner virus has been detected by security researchers. den malware, kaldet AcruxMiner can infect target victims using a variety of ways. Hovedidéen bag den AcruxMiner miner is to employ cryptocurrency miner activities on the computers of victims in order to obtain Monero tokens at victims’ expense. Resultatet af denne minearbejder er de forhøjede el-regninger, og hvis du lader det i længere tid AcruxMiner kan det beskadige computerens komponenter.

Trussel Summary

NavnAcruxMiner virus
TypeCryptocurrency Miner Virus
Kort beskrivelseEn krypto minearbejder, der har til formål at udnytte ressourcerne i din computer til minen for cryptocurrencies.
SymptomerDin computer kan opleve langsom-downs, overophedning, mistænkelige processer, der kører og andre former for uønskede bivirkninger..
DistributionsmetodeMedfølgende downloads. Websider, der kan annoncere det.
Værktøj Detection See If Your System Has Been Affected by AcruxMiner Virus

Hent

Værktøj til fjernelse af malware

BrugererfaringTilmeld dig vores forum to Discuss AcruxMiner Virus.

AcruxMiner — Distribution Methods

The AcruxMiner is a malicious cryptocurrency miner that has been detected in an active distribution campaign. At the moment there is no information about the hacker or criminal collective responsible for its creation or distribution. It is possible that such data will be known in the future.

The first detection of it was made in May 2018 when its activity was discovered for the first time. Further analysis into its origins shows that it is promoted by its developers on various hacker underground markets. This means that prospective buyers can buy the bare threat and add new modules to it or order a complete and customized solution. It can be combined with other threats as well — ransomware, Trojanere og etc.

According to the analysis the AcruxMiner malware strains are being distributed as a MaaS (Miner-as-a-Service) which is subscription-based access to the malware sources. This means that the developers behind it can constantly push updates to paying customers.

As soon as the AcruxMiner malware is prepared it will be distributed using some of the popular tactics.

Usually most of these threats are built into the websites via JavaScript code. Once the users visit the respective sites their browsers will automatically run the code and as a result start the miner code. Other sources of infection include the following:

  • e-mails — The scripts that start the cryptocurrency miner can also be included in email messages. All interactive contents placed in the body message can lead to the execution of such code. The emails themselves impersonate well-known senders such as services and companies.
  • Dokumenter — Macro-infected documents of all popular types can serve as infection sources: præsentationer, databaser, rige tekstdokumenter og regneark. Once they are opened a prompt will appear asking them to enable the built-in scripts. If this is done the miner code will be launched.
  • Ansøgning Installers — The hackers can embed the miner code in setup files of popular software. Eksempler indbefatter systemværktøjer, productivity applications and creativity solutions.
  • Browser Hijackers — These are malicious extension made for the popular web browsers. These strains are uploaded to their respective repositories and include counterfeit user reviews and even developer credentials. Their descriptions will promote feature additions and various performance optimizations in order to coerce the users into installing them. When this is done modifications to the browser settings will be made to redirect the victims to a hacker-controlled site. Following this step the miner will be loaded.

AcruxMiner — Analysis

As soon as the AcruxMiner malware is deployed it will start the built-in behavior pattern. The first step is to launch the associated miner code. It will connect to a hacker-controlled server using a preset configuration. Det vil “feedthe machine complex mathematical tasks that take advantage of the available hardware resources. The miner samples have been found to take advantage of both the CPU and video card (GPU) along with the memory and hard disk space. The advanced and higher tier miner has a few additional features:

  • Custom Mining Algorithm — The updated and higher tier AcruxMiner strains can scan the system and generate a report of the installed hardware components. According to the list an optimized algorithm will be selected to optimize performance.
  • Vedvarende installation — The AcruxMiner malware can be installed in a way which will modify the operating system and boot configuration options in order to automatically start the engine every time the computer starts. A consequence is the inability to access certain recovery menu, this can render most manual removal instructions non-working.
  • Multi-factor Auto-load Option — This option will automatically download samples in a way which will optimize the jobs and tasks completion.

The AcruxMiner malware uses an encrypted wallet which cannot be accessed by the users or system administrators. It is only used to collect and synchronize the generated income. All captured versions also feature an auto-infect capability that will scan the computer for any connected removable devices. If such are found they will be infected.

The AcruxMiner is distributed alongside a rootkit infection that will make it very difficult to remove using most methods. Other options available to the threat include the ability to monitor the clipboard and also interact with the Windows volume manager and network shares. This allows the miner to spread to other hosts on the local network thus being a localized botnet.

It is very possible that the perpetrators of the miner originate from Russia as the network connections to the miner servers are primarily to Russian IP addresses.

The captured samples associated with the threat also include a Trojan komponent that will set-up a secure connection to a hacker-controlled server. This allows the operators to spy on the victim machines, execute certain commands and also infect them with additional payloads.

Other signatures under which the threat is known includes the following:

BehavesLike.Win32.Pate.vc
DeepScan:Generic.Application.CoinMiner.1.31B24370
HEUR/QVM19.1.0757.Malware.Gen
PUA.VMProtect
Packed-GV!570A9CC9FD20
Packed.Vmpbad!gen38
TROJ_GEN.R002C0OKD18
TScope.Malware-Cryptor.SB
Trojan.Agent.Miner
Trojan.Win32.CoinMiner.2542080
Trojan/Win32.Miner.C2834012
Trojan:Win32/Fuerboos.C!cl
Win.Dropper.Temonde-6571898-0
[email protected]
Win32.Trojan.Miner.Stkk
a variant of Win32/CoinMiner.EQ potentially unwanted

Fjernelse af AcruxMiner is strongly recommended, da du risikerer ikke kun en stor elregning, hvis det kører på din PC, men minearbejder kan også udføre andre uønskede aktiviteter på det og endda skade din PC permanent.

Remove AcruxMiner Miner from Your PC

If you want to remove this miner from your PC, tilrådes at det kan slette dine filer. Det er derfor, vi råde dig til at tage backup af alle dine vigtige filer, hvis på din pc, før du fjerner denne virus.

At fjerne AcruxMiner Miner automatisk fra din PC, vi råde dig til at følge fjernelsen manual nedenfor. Det er adskilt I manuel og automatisk fjernelse, da dette reelt vil hjælpe slette virus filer permanent. Hvis manuel fjernelse ikke hjælper, dog, anbefaler vi, hvad de fleste forskere rådgiver og det er at hente en avanceret anti-malware-software for at køre en scanning med det på din inficerede pc. Et sådant program vil automatisk tage sig af AcruxMiner miner virus fra din computer og vil sørge for, at den er fjernet fuldstændigt plus din pc forbliver beskyttet i fremtiden også.

Martin Beltov

Martin dimitterede med en grad i Publishing fra Sofia Universitet. Som en cybersikkerhed entusiast han nyder at skrive om de nyeste trusler og mekanismer indbrud.

Flere indlæg - Websted

Følg mig:
TwitterGoogle Plus

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...