A new malicious cryptocurrency mining script has been uncovered by security researchers, specifically targeting people downloading cracked music production software.
The mining script, known as LoudMiner, is multi-platform, and hijacks user resources to mine for Monero. The malware has been reported to have been in circulation since August 2018, with a spike in activity in recent months.
Because the targeted software is an industry-leading application, the hack has the potential to affect a significant number of those attempting to download it illegally.
“LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software—QEMU on macOS and VirtualBox on Windows—to mine cryptocurrency on a Tiny Core Linux virtual machine, making it cross platform,” the researchers said. “It comes bundled with pirated copies of VST software. The miner itself is based on XMRig (Monero) and uses a mining pool, thus it is impossible to retrace potential transactions.”
Affecting both Mac and Windows systems, the script hijacks user resources to mine for Monero, running up significant processing and energy costs for unsuspecting victims.
Targeting audio production software could allow the script to run undetected, since audio production is already a CPU-intensive process. Additionally, according to the researchers, audio production systems often have greater system resources available and tend to run higher-end hardware.
As many as four variations of the script have been uncovered, though it remains unclear how much the hackers might have made from the scam.
The malware installs itself at a root level on the host system, and automatically reloads on system restart, making it difficult to remove. Some victims have even reported reinstalling their operating system in order to remove the malware.
The malware is the latest example of malicious crypto mining scripts being planted in software. Previously, hackers managed to sneak malicious code into updates for Adobe Flash, and there have even been reports of malware in Windows OS updates.
The researchers at ESET suggested that the best advice was to avoid downloading torrents and cracked versions of software. In any event, they urged users to monitor CPU usage and start-up processes, in order to avoid falling victim to this type of cryptojacking malware.
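One way to act on the advice to watch CPU usage and start-up processes, as an added example that is not from ESET or the original article: a Python heuristic that flags a QEMU or VirtualBox process which runs as root, is parented by PID 1 and is consuming heavy CPU. The process names, the 50% threshold and the sample `ps` listing are assumptions constructed for illustration.

```python
import re

# Hypervisors named in the article: QEMU and VirtualBox. The exact binary
# names below are assumptions; the article lists no indicators.
HYPERVISOR = re.compile(r"^(qemu-system-[\w-]+|VBoxHeadless)$")

# Constructed sample of `ps -axo user,pid,ppid,pcpu,comm` (not real data).
SAMPLE_PS = """\
USER   PID  PPID  %CPU COMM
root    412     1 187.3 /usr/local/bin/qemu-system-x86_64
alice   988   701  12.0 /Applications/VirtualBox.app/Contents/MacOS/VBoxHeadless
alice  1203   701  95.4 /Applications/Live.app/Contents/MacOS/Live
root     88     1   0.3 /usr/libexec/logd
"""

def parse_ps(text):
    """Turn ps output into dicts; COMM is last so paths may contain spaces."""
    rows = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        user, pid, ppid, pcpu, comm = line.split(None, 4)
        rows.append({"user": user, "pid": int(pid), "ppid": int(ppid),
                     "cpu": float(pcpu), "comm": comm.strip()})
    return rows

def suspicious_hypervisors(rows, cpu_threshold=50.0):
    """Flag hypervisor processes matching at least two of the traits the
    article describes: root-level install, reload at restart, heavy CPU."""
    findings = []
    for r in rows:
        name = r["comm"].rsplit("/", 1)[-1]
        if not HYPERVISOR.match(name):
            continue  # a busy DAW is expected; a headless VM is not
        reasons = []
        if r["user"] == "root":
            reasons.append("runs as root")
        if r["ppid"] == 1:  # assumption: boot-started services hang off PID 1
            reasons.append("started at boot")
        if r["cpu"] >= cpu_threshold:
            reasons.append("high CPU")
        if len(reasons) >= 2:
            findings.append((r["pid"], name, reasons))
    return findings

if __name__ == "__main__":
    for pid, name, reasons in suspicious_hypervisors(parse_ps(SAMPLE_PS)):
        print(f"pid {pid} {name}: {', '.join(reasons)}")
```

A user-launched VirtualBox session and a CPU-hungry audio application both pass; only the root-owned, boot-started VM is reported.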