Plurox
Plurox is a backdoor Trojan that can deliver other threats to your system and compromise local networks. Plurox payload is configurable, but its early attacks deal in a variety of cryptocurrency-mining Trojans, which hijack hardware resources for generating money for third parties. Users can keep anti-malware services for deleting Plurox and its add-ons and should monitor traditional network security weaknesses like e-mail and login credentials for any issues.
A Mining Project Coming to Your Network Whether or not You Want It
Researchers are responsible for the detection of another backdoor Trojan with an eye for mining activities, similar to the campaigns of the Megumin Trojan, the SpeakUp Backdoor or the Nansh0u Miner. However, the newest threat of this class, Plurox, does more than drop a tweaked version of XMRig. This threat's payload includes comprehensive, modular support for accommodating different hardware setups for maximizing its coin-creating potential.
The unusually bright feather in Plurox's cap isn't the fact that it uses configurable modules – which is a tradition for many backdoor Trojans – but the nature of them. It retrieves its add-ons through a dedicated 'subnet' of its C&C infrastructure that only deals with delivering the cryptocurrency-mining components. The Trojan plays host to at least eight separate miners for different hardware setups, including AMD and Nvidia-brand GPUs.
To make the most of its mining potential, the threat actors have built-in significant self-distribution functionality into Plurox. Malware experts confirm its local network-spreading capabilities through using the NSA's EternalBlue with an SMB component that's a partial derivative of the Tricker Trojan. A second infection-spreading tactic uses a port-forwarding technique with the Trojan's UPnP plugin, which conceals the attack's origin as coming from the router instead of the infected PC.
The Drafty Backdoor that a Miner Opens
Plurox's attacks have more possibilities than just making money by using the victim's computer, although mining, by itself, is a potentially disruptive and even hardware-destroying activity. Plurox can download and run additional files or modules, self-update and remove itself. These features, while relatively modest, give the backdoor Trojan the possibility of escalating the level of security risk by dropping spyware, RATs, etc.
There is a patch from Microsoft for the EternalBlue vulnerability (technical label: CVE-2017-0144) that should prevent Plurox's SMB-abusing feature from working. However, the initial infection vectors spearheading its campaign's attacks aren't known to malware analysts. They recommend keeping away from infection hotspots like illicit download resources, scanning e-mail attachments before opening them and turning off unsafe features like Word macros and your browser's JavaScript.
Users should depend on their anti-malware products for uninstalling Plurox, whose presence may include supporting threats with separate payloads and security risks. For now, the backdoor Trojan is a Windows-only threat.
A backdoor Trojan with mining aspirations is a cliché, but one with Plurox's level of sophisticated specialization is far from ordinary. Any victims should respond to attacks quickly, lest that mining turns into an overheating problem for CPUs and GPUs throughout their network.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.