Bitcoin-Mining Malware

Malware that installs a Bitcoin miner on the infected machines is currently being spread via Skype. Easy money.

Once the machine is infected, it drops many other pieces of malware onto the system. The downloads come from the Hotfile.com service. At the same time the malware connects to its C2 server, located in Germany. The address of the C2 is 213.165.68.138:9000.

So what does the malware do? To be honest, many things, but one of the most interesting is that it turns the infected machine into a slave of the Bitcoin generator. CPU usage rises significantly. The mining process runs with the command line "bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX" (sensitive data was replaced by XXXXXX). It abuses the CPU of the infected machine to mine Bitcoins for the criminal.
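The command line above is the most useful host-side indicator in the write-up: a miner binary pointed at a pool URL with an explicit port, plus worker credentials passed as -u/-p. The following triage script is an added example written for this page; it is not code from the original post or from the analysts it quotes. It parses a process listing for that pattern (catching the miner even when the executable has been renamed, which is an assumption about how such campaigns vary, not something the post reports) and checks netstat-style output for the C2 endpoint 213.165.68.138:9000. The process and connection lines are constructed sample data, and the set of flags that take a value is inferred from the single command line shown in the post.

```python
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Indicators of compromise taken from the post.
C2_IP, C2_PORT = "213.165.68.138", 9000
KNOWN_MINER_IMAGES = {"bitcoin-miner.exe"}
# Pool URL with an explicit port, as in http://suppp.cantvenlinea.biz:1942/
POOL_URL_RE = re.compile(r"^https?://([^/:\s]+):(\d{1,5})/?$", re.IGNORECASE)
# Flags of the observed miner that take one value (assumed from the sample command line).
VALUED_FLAGS = {"-a", "-l", "-o", "-u", "-p"}
# "TCP <local> <remote-ip>:<port> <state> <pid>" in netstat -ano style (constructed format).
NETSTAT_RE = re.compile(r"^\s*TCP\s+\S+\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+\s+(\d+)\s*$")


@dataclass
class MinerFinding:
    pid: int
    image: str
    pool_host: str
    pool_port: int
    worker: str
    reasons: list


def parse_cmdline(cmdline: str):
    """Split a Windows command line into (image basename, {flag: value})."""
    try:
        argv = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps backslashes literal
    except ValueError:
        argv = cmdline.split()  # unbalanced quotes: fall back to whitespace split
    if not argv:
        return "", {}
    image = argv[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    opts, i = {}, 1
    while i < len(argv):
        if argv[i] in VALUED_FLAGS and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1].strip('"')
            i += 2
        else:
            i += 1
    return image, opts


def classify_process(pid: int, cmdline: str) -> Optional[MinerFinding]:
    """Flag a process as a miner by image name and/or by pool-URL + credential arguments."""
    image, opts = parse_cmdline(cmdline)
    reasons = []
    if image in KNOWN_MINER_IMAGES:
        reasons.append(f"known miner image {image}")
    pool = POOL_URL_RE.match(opts.get("-o", ""))
    if pool and "-u" in opts and "-p" in opts:
        reasons.append("pool URL with explicit port plus worker credentials (-o/-u/-p)")
    if not reasons:
        return None
    host, port = (pool.group(1), int(pool.group(2))) if pool else ("", 0)
    return MinerFinding(pid, image, host, port, opts.get("-u", ""), reasons)


def find_c2_connections(netstat_lines):
    """Return (pid, remote) for every established connection to the C2 endpoint."""
    hits = []
    for line in netstat_lines:
        m = NETSTAT_RE.match(line)
        if m and m.group(1) == C2_IP and int(m.group(2)) == C2_PORT:
            hits.append((int(m.group(3)), f"{m.group(1)}:{m.group(2)}"))
    return hits


def triage(processes, netstat_lines):
    miners = []
    for pid, cmdline in processes:
        finding = classify_process(pid, cmdline)
        if finding:
            miners.append(finding)
    return {"miners": miners, "c2": find_c2_connections(netstat_lines)}


# Constructed sample data: one process matching the post's command line, one renamed
# miner (assumed variant), and two benign processes.
SAMPLE_PROCESSES = [
    (1337, r'"C:\Users\victim\AppData\Roaming\bitcoin-miner.exe" -a 60 -l no '
           r'-o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX'),
    (2048, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://example.com/'),
    (4100, r'C:\Windows\System32\svchost.exe -k netsvcs'),
    (5120, r'C:\Users\victim\AppData\Local\Temp\upd.exe -o http://pool.example.invalid:3333/ -u worker1 -p x'),
]
SAMPLE_CONNECTIONS = [
    "TCP    192.168.1.10:49233    213.165.68.138:9000    ESTABLISHED    1337",
    "TCP    192.168.1.10:49240    93.184.216.34:443      ESTABLISHED    2048",
    "TCP    192.168.1.10:49251    213.165.68.138:80      ESTABLISHED    4100",
]

if __name__ == "__main__":
    result = triage(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS)
    for f in result["miners"]:
        print(f"pid {f.pid}: {f.image} -> {f.pool_host}:{f.pool_port} as {f.worker}; {', '.join(f.reasons)}")
    for pid, remote in result["c2"]:
        print(f"pid {pid}: established connection to C2 {remote}")
```

On a live Windows host the process list would come from `wmic process get ProcessId,CommandLine` or `Get-CimInstance Win32_Process`, and the connection list from `netstat -ano`; feed those lines into `triage` in place of the constructed samples. The argument-pattern rule matters more than the image name: renaming bitcoin-miner.exe costs the attacker nothing, but the miner still has to be told which pool and which worker account to mine for.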

As I said, the campaign is quite active. If you see that your machine is working hard, using all available CPU resources, you may be infected.

Skypemageddon by bitcoining