RIG EK Currently Delivering Monero Miner to Unsuspecting Users

Until recently, exploit kits were mostly deployed to distribute ransomware. However, following the current trend in worldwide infections, cybercriminals have started using exploit kits for the distribution of cryptocurrency miners.

Exploit Kits and Drive-By Downloads Actively Used in the Distribution of Miners

Exploit kits and drive-by downloads have been detected in several campaigns silently delivering mining malware to online users. These campaigns trick users into running cryptominers on their systems, hijacking CPU power through in-browser cryptojacking, and also take advantage of organizations’ vulnerable cloud computing environments, researchers report.

Related Story: Monero Cryptocurrency to Follow Bitcoin in Criminal Popularity?

More specifically, researchers detected a campaign focused on the delivery of cryptominers with the help of drive-by attacks. There was an uptick in the payloads from the well-known RIG exploit kit at the end of 2017. This activity has been extended via a campaign named Ngay.

Ngay droppers contained one or more cryptominers aimed at mining Monero or similar, less popular currencies such as Bytecoin. In this campaign, the Monero miner is downloaded through a multi-stage process that also seeks to register it permanently as a running service.

“The extracted binary from the RIG EK payload is an installer that drops several .NET modules,” said Jérôme Segura, the researcher who analyzed the campaign.

One of these modules uses an exploit taken from a GitHub repository to elevate privileges. Another module has sub-modules for protecting and managing the running services. The third module downloads and manages the Monero cryptocurrency miner.

According to the researcher, there is a definite increase in cryptocurrency-mining payloads delivered by exploit kits. The trend is expected to continue throughout 2018, as is the growth of these miners as a whole.

This trend is becoming more dangerous as crypto mining has turned into a cross-platform threat affecting thousands of infected machines.

Related Story: Drive-By Cryptomining Continues After the Browser Is Closed

How to Protect Your Computer from Cryptocurrency Miners

There are different ways to deal with a cryptocurrency miner depending on its type and capabilities. The more sophisticated the miner, as in the recent cases of drive-by cryptomining, the more challenging it is to remove.

If the miner is a basic one, the user may install an extension for their browser that stops mining in the web browser. There is also the option to manually block domains associated with cryptocurrency mining.

However, if the system is affected by malware or ransomware that is bundled with a browser miner, it is advisable to use a proper anti-malware solution to deal with all of the infections.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys ‘Mr. Robot’ and fears ‘1984’.
