30 November 18, 13:33
Quote:The researchers at CheckPoint analyzed the new threat and gave it the name KingMiner. They found that it targets Microsoft IIS and SQL Servers in particular and runs a brute-force attack to gain access. Once in, the malware determines the CPU architecture and checks for older versions of itself to remove them.
It relies on the freely available XMRig miner to create Monero coins, with a configuration file that contains private mining pool with the API disabled to keep away from prying eyes.
According to the researchers, the miner is configured to use 75% of the CPU resources but in practice, it uses 100% of the processor, probably because of bugs in the code.
KingMiner implements several defenses against emulation environments and detection, recording low rates with some antivirus engines by using an XML payload disguised as a ZIP file.
"The use of evasion techniques is a major component of a successful attack," CheckPoint says, adding that the malware uses simple techniques to bypass emulation and detection methods.
Source: https://www.bleepingcomputer.com/news/se...evolution/