Now hackers are hiding cryptojacking code in fake Windows installation files

08 Nov, 2018
by David Borman

A recent blog post by security firm Trend Micro outlines a new means for cryptojacking malware to avoid detection. Specifically, it disguises itself as Windows installation files, causing many detection methods to ignore it as harmless while it eats up system resources mining crypto.

Cryptojacking malware works by running invisibly in the background while using your computer's CPU/GPU to mine cryptocurrency. This year alone, countless stories have come out about the nefarious practice.

This new method basically sends the files to your computer disguised as Windows Installer MSI files, which are supposed to be trusted. The installer then unpacks itself and sets up the miner in the background.


The process even has a self-destruct mechanism that can delete all of its files and remove any trace of it from the system. The entire process is covered in elaborate detail on Trend Micro's blog.

Interestingly, the installation uses Cyrillic text during the initial setup, which could be an indication of the original creators, though language doesn't give investigators much to go on.


Right now, Trend Micro does not know where this malware originated or how many have been infected.
