The cryptojacking malware KingMiner is making considerable improvements to evade detection and succeed in its nefarious goals. Cryptojacking is a new sort of online malware attack in which code is injected into a user's computer. However, instead of locking down the system, the code steals processing power from the computer to mine digital currencies.
The latest report from Israeli cybersecurity firm Check Point Software Technologies offers a striking insight into the progress of KingMiner. It also notes that future KingMiner updates will improve its probability of successful attacks.
The KingMiner malware specifically targets Microsoft servers, especially Internet Information Services (IIS) and SQL Server. Furthermore, it employs unusual, brute-force tactics to crack users' passwords in an attempt to compromise the server.
Once it gets access to the server, it downloads a Windows Scriptlet file (.sct extension) onto the victim's machine. During the execution stage, the script file detects the machine's CPU architecture. Also, if the script file finds earlier versions of the attack, the new infection deletes them all.
Next, KingMiner downloads a file with a .zip extension. Note that this is not actually a ZIP file but an XML file. The key aim here is to circumvent emulation attempts.
Once the extraction is complete, the malware payload extracts new registry keys while executing the Monero-mining XMRig file. The XMRig CPU miner is designed to use nearly 75% of the CPU capacity. However, it can exceed this figure due to coding errors.
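As an added example (not taken from Check Point's report or from this article), here is one defensive check for the disguised download described above: flag any file whose name ends in .zip but whose leading bytes are XML rather than a ZIP signature. The file names and sample contents are constructed for illustration.

```python
import os
import tempfile

# ZIP signatures: local file header, empty archive, spanned archive
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
BOMS = {b"\xef\xbb\xbf": "utf-8", b"\xff\xfe": "utf-16-le", b"\xfe\xff": "utf-16-be"}

def classify(head: bytes) -> str:
    """Classify the first bytes of a file as 'zip', 'xml' or 'other'."""
    if head.startswith(ZIP_MAGICS):
        return "zip"
    encoding = "utf-8"
    for bom, enc in BOMS.items():          # strip a byte-order mark if present
        if head.startswith(bom):
            head, encoding = head[len(bom):], enc
            break
    text = head.decode(encoding, errors="ignore").lstrip()
    # XML declaration, or an element start such as "<root"
    if text[:5] == "<?xml" or (text[:1] == "<" and text[1:2].isalpha()):
        return "xml"
    return "other"

def find_disguised_archives(root: str, sniff: int = 256) -> list:
    """Return (path, detected_type) for every *.zip under root that is not a ZIP."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".zip"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify(fh.read(sniff))
            except OSError:
                continue                   # locked or unreadable file: skip it
            if kind != "zip":
                hits.append((path, kind))
    return hits

def demo() -> list:
    """Scan a temp directory of constructed sample files."""
    samples = {
        "real.zip": b"PK\x05\x06" + b"\x00" * 18,                  # valid empty ZIP
        "payload.zip": b'<?xml version="1.0"?><root>AAAA</root>',  # XML posing as ZIP
        "bom.zip": b"\xef\xbb\xbf  <data>QUFB</data>",             # XML behind a UTF-8 BOM
        "notes.txt": b"<not scanned: extension is not .zip>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_disguised_archives(tmp)]
```

A hit is a triage lead rather than a verdict: the check says only that the extension and the content disagree, so the file deserves a closer look.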
The KingMiner cryptojacking malware uses smart tactics to prevent any monitoring of its activities or the tracing of its creators. The report notes,
“It appears that the KingMiner threat actor uses a private mining pool to prevent any monitoring of their activities. The pool’s API is turned off, and the wallet in question is not used in any public mining pools.”
The researchers at Check Point have yet to determine the domains used, which are still private.
With the growing number of cryptocurrency users and enthusiasts, the menace of cryptojacking is on a steep rise. A report from the popular cyber-security company McAfee Labs in September 2018 shows that there was an 86% surge in cryptojacking cases reported by Q2, 2018.
The report further states that cryptojacking malware targets not only computers but also smartphones and other mobile devices.