Truthful News for Cryptocurrency

Your honest source for all things blockchain and cryptocurrency

XiaoBa transforms from ransomware into mining virus

XiaoBa first started to hit the scene in October last year. It was a form of ransomware that, when installed on a computer, would lock up files until a specific amount of cryptocurrency was paid to unlock them.

Ransomware has become a growing problem as the popularity of cryptocurrency has risen, with ransomware viruses like TomTom targeting the Colorado Department of Transportation and Atlanta city services.

The problem for these cyber criminals, however, is that people are not paying the ransom. In an attack against city services in Atlanta, Ga., the city opted to spend $2.1 million instead of paying $50 thousand to cyber criminals to get rid of the ransomware.

So it appears these criminals have begun to take up a new practice.

Research teams at Trend Micro have reported a new, modified version of XiaoBa. This new version of the virus mines cryptocurrency on the infected computer, which is nothing really new.

What is new is the way this cryptocurrency mining virus works. It works by infecting files of the target system and preventing applications from working while at the same time destroying files on the target system.

It is unknown whether this destruction of files was intentional or just a side effect of the modified code; however, if the virus spreads too far, it can make the entire system completely unusable.

Unlike most cryptocurrency mining viruses, this particular virus is not very subtle, and the user will notice problems very quickly as it begins to destroy the core files of the operating system.

According to researchers, two variations of this virus have been found so far, and both use an injection of Coinhive JavaScript to infect .exe, .com, .scr and .pif file types while also disabling Windows User Account Control notifications.

The researchers say:

The malware also uses huge resources because it stacks infections, which unnecessarily takes up more disk space. Since it is also a cryptocurrency miner, it uses the device’s memory resources.

One has to question what this virus is actually doing and how much the researchers from Trend Micro actually understand cryptocurrency mining, because mining Monero uses very little of the system’s memory; it uses GPU and CPU power, not memory, to mine the currency.

However, that is completely a non-factor for a destructive virus. According to Trend Micro, the best way to prevent this is to have proper antivirus software that is up to date, as well as secondary security measures installed other than just User Account Control notifications.

It is cyber criminals using software viruses to make gains in cryptocurrency who give mainstream media grounds to argue that cryptocurrency is nothing more than a currency for criminals.

Hopefully in the future there will be ways to distinguish legitimate mining software from these viruses and hidden mining applications. At present, almost all mining software is considered to be a virus by most antivirus companies, and many have found it incredibly difficult to trust cryptocurrency wallets that mine, as well as standalone cryptocurrency mining software.

These types of practices also keep the values of cryptocurrencies considerably lower than what they may otherwise be, while also establishing a distrust in this new form of currency.