AcruxMiner Virus - How to Remove Active Infections

This blog post was created to help explain what the AcruxMiner miner app is and how you can try to remove it and prevent it from mining Monero cryptocurrency on your computer.

A new, very dangerous cryptocurrency miner virus has been detected by security researchers. The malware, called AcruxMiner, can infect target victims in a variety of ways. The main idea behind the AcruxMiner miner is to run cryptocurrency mining activities on victims' computers in order to obtain Monero tokens at the victims' expense. The result of this miner is elevated electricity bills, and if it is left running for long periods of time AcruxMiner may also damage the computer's components.

Threat Summary

Name: AcruxMiner Virus
Type: Cryptocurrency Miner Virus
Short Description: A crypto miner that aims to use the computer's resources to mine for cryptocurrencies.
Symptoms: The computer may experience slowdowns, overheating, suspicious running processes and other unwanted side effects.
Distribution Method: Bundled downloads. Web pages that may advertise it.

AcruxMiner — Distribution Methods

The AcruxMiner is a malicious cryptocurrency miner that has been detected in an active distribution campaign. At the moment there is no information about the hacker or criminal collective responsible for its creation or distribution. It is possible that such data will be known in the future.

It was first detected in May 2018, when its activity was discovered for the first time. Further analysis into its origins shows that it is promoted by its developers on various hacker underground markets. This means that prospective buyers can buy the bare threat and add new modules to it or order a complete and customized solution. It can be combined with other threats as well: ransomware, Trojans, etc.

According to the analysis the AcruxMiner malware strains are being distributed as a MaaS (Miner-as-a-Service) which is subscription-based access to the malware sources. This means that the developers behind it can constantly push updates to paying customers.

As soon as the AcruxMiner malware is prepared it will be distributed using some of the popular tactics.

Usually most of these threats are built into the websites via JavaScript code. Once the users visit the respective sites their browsers will automatically run the code and as a result start the miner code. Other sources of infection include the following:

  • Email messages — The scripts that start the cryptocurrency miner can also be included in email messages. Any interactive content placed in the message body can lead to the execution of such code. The emails themselves impersonate well-known senders such as services and companies.
  • Documents — Macro-infected documents of all popular types can serve as infection sources: presentations, databases, rich text documents and spreadsheets. Once they are opened a prompt will appear asking the users to enable the built-in scripts. If this is done the miner code will be launched.
  • Application installers — The hackers can embed the miner code in setup files of popular software. Examples include system utilities, productivity applications and creativity solutions.
  • Browser hijackers — These are malicious extensions made for the popular web browsers. These strains are uploaded to their respective repositories and include counterfeit user reviews and even developer credentials. Their descriptions will promote feature additions and various performance optimizations in order to coerce the users into installing them. When this is done modifications to the browser settings will be made to redirect the victims to a hacker-controlled site. Following this step the miner will be loaded.

AcruxMiner — Analysis

As soon as the AcruxMiner malware is deployed it will start the built-in behavior pattern. The first step is to launch the associated miner code. It will connect to a hacker-controlled server using a preset configuration. The server will "feed" the machine complex mathematical tasks that take advantage of the available hardware resources. The miner samples have been found to take advantage of both the CPU and video card (GPU) along with the memory and hard disk space. The advanced and higher tier miner has a few additional features:

  • Custom Mining Algorithm — The updated and higher tier AcruxMiner strains can scan the system and generate a report of the installed hardware components. According to the list an optimized algorithm will be selected to optimize performance.
  • Persistent Installation — The AcruxMiner malware can be installed in a way which will modify the operating system and boot configuration options in order to automatically start the engine every time the computer starts. A consequence is the inability to access certain recovery menus, which can render most manual removal instructions ineffective.
  • Multi-factor Auto-load Option — This option will automatically download samples in a way which will optimize the jobs and tasks completion.

The AcruxMiner malware uses an encrypted wallet which cannot be accessed by the users or system administrators. It is only used to collect and synchronize the generated income. All captured versions also feature an auto-infect capability that will scan the computer for any connected removable devices. If such are found they will be infected.

The AcruxMiner is distributed alongside a rootkit infection that will make it very difficult to remove using most methods. Other options available to the threat include the ability to monitor the clipboard and also interact with the Windows volume manager and network shares. This allows the miner to spread to other hosts on the local network, effectively forming a localized botnet.

It is very possible that the perpetrators of the miner originate from Russia as the network connections to the miner servers are primarily to Russian IP addresses.

The captured samples associated with the threat also include a Trojan component that will set up a secure connection to a hacker-controlled server. This allows the operators to spy on the victim machines, execute certain commands and also infect them with additional payloads.

Other signatures under which the threat is known include the following:
[email protected]
a variant of Win32/CoinMiner.EQ potentially unwanted

Removal of AcruxMiner is strongly recommended, since you risk not only a large electricity bill if it is running on your PC, but the miner may also perform other unwanted activities on it and even damage your PC permanently.

Remove AcruxMiner Miner from Your PC

If you want to remove this miner from your PC, be aware that it may delete files. For this reason, we recommend backing up all important files on your PC before removing this virus.

To remove the AcruxMiner miner from your PC automatically, we recommend following the removal guide below. It is divided into manual and automatic removal, since this can help to effectively delete the virus files permanently. If manual removal does not help, however, we recommend what most researchers advise, which is to download advanced anti-malware software and run a scan of the infected PC with it. Such a program will automatically take care of the AcruxMiner miner virus on your computer and make sure that it is completely removed and that your PC remains protected in the future.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
