New ‘Snobbish’ Cryptojacking Malware Infected 500k Users in 3 Days, Report Says
WinstarNssmMiner, a new type of malware script used to mine Monero, has spread to half a million devices in 3 days, cyber researcher reports.
New research published by cyber security firm 360 Total Security May 16 found that the malware, referred to as WinstarNssmMiner, presents a fresh challenge to users, due to its ability to both mine and crash infected machines at will.
Malicious software that engages in cryptojacking – the use of another’s device to mine crypto without their knowledge – has become a common phenomenon in recent months.
As Cointelegraph reported, instances have risen dramatically in 2018. A warning from Microsoft highlighted only 644,000 infected devices in the period September 2017 to January 2018 - only slightly more than WinstarNssmMiner’s three-day progress.
Commenting on the latest threat, 360 said it was “surprised” that in addition to mining Monero, the malware could also force a user’s PC to crash if it detected the presence of certain antivirus software, writing:
“This malware is very hard to remove since victims’ computers crash as soon as they found and terminate the malware.”
A twist comes in the form of what 360 describes as “snobbish” behavior regarding antivirus brands: the presence of well-known products from companies such as Kaspersky Lab and Avast! cause WinstarNssmMiner not to activate at all. Other brands are ignored, resulting in mining and crashes.
Earlier this month, Cointelegraph also reported on how code for crypto-mining program Coinhive was found on over 300 governmental and university websites worldwide.