360 Security Center received a user feedback reporting that their computer is running slow some time after startup. It was identified as a CryptoMiner malware that steals processor power for digital currencies mining. We named it IdleBuddyMiner. Surprisingly, we found that it asks victims’ permission to use their computer’s idle processing power for “complicated calculation”, luring users into voluntarily donating their computing power for mining Monero, a popular crypto currency.
This malware starts itself by registering as a system startup service. It downloads encrypted code from its control server, decrypts the code and executes it in the memory.
Code: Download encrypted data:
Code: Encrypted data is a mining module that is based on the work of open source project, xmrig(https://github.com/xmrig)
By far, only 360 and a handful of other antivirus vendors are able to detect this malware:
3. Related file hash in MD5
Recently, we have found that a lot of CryptoMiner malware are actively spreading in the wild. We strongly recommend users to enable antivirus software while installing new applications. Users are also recommended to run virus scan with 360 Total Security to avoid falling victim to CryptoMiner.