WinstarNssmMiner mining software infects 500,000 computers in Three Days

The 360 Security Center recently detected that a new mining malware WinstarNssmMiner spread wildly through the Internet and infected up to 500,000 computers in three days.

Unlike previous mining malware, the malware is very difficult to remove, and users attempting to forcefully end the malware will have a direct blue screen. What is interesting is that the malware will also conduct corresponding circumvention measures based on different anti-virus software installed on the victim’s computer to avoid killing and analysis.

In general, mining malware will minimize the interference to the user, so that it can run in the background for high-load continuous mining calculations.

However, this mining malware is just trying to force users to run, for example, when users try to terminate their operations will directly lead to the collapse of the entire system. After restarting the computer, the mining software can be resumed and continue mining. Users either choose to continue to stand or wait for the blue screen of death.

At the same time, in order not to be killed by the anti-virus software and uploaded to the cloud for analysis, when it finds that the user has installed security software, it will automatically quit avoiding confrontation.

This strategy of not directly confronting anti-virus software made the mining software profitable. It infected 500,000 computers in three days and obtained 133 virtual currencies. According to the current market price, the market value of these 133 Monero coins is approximately $28,000 and the average daily attacker can obtain up to $8,900 of black production income.

For security reasons, users are advised to install certain anti-virus software so that they can be identified in a timely manner. Users should be cautious about the unknown software.

Source, Image: 360totalsecurity