
'Winlogui.exe' Miner

Posted: October 7, 2019

Computer users have recently filed multiple complaints about the process 'winlogui.exe'. Although the name may sound like a part of the Windows operating system, it is not: the process belongs to a Trojan cryptocurrency miner that harvests a computer's processing power to mine for Monero or another cryptocurrency. Users affected by the 'Winlogui.exe' Miner are likely to experience a major performance loss, system instability, and other performance-related issues that may render their computer difficult to use. The purpose of Trojan cryptocurrency miners is to generate profits for their operators by transferring all mined coins to the wallet of the attackers.

New Cryptojacking Malware Campaign Targets Regular Users

There is no precise information about the techniques that cyber crooks use to deliver the 'Winlogui.exe' Miner to their targets. They might rely on a broad range of propagation channels:

  • Pirated media.
  • Pirated software.
  • Torrent trackers.
  • Files hosted on shady hosting services.
  • Malvertising.
  • Fake updates and offers for software downloads.

The best way to ensure that corrupted files will never get to your computer is to download content from trustworthy sources only and never to download pirated content. Furthermore, you should invest in a reputable anti-virus product to keep you safe.

The 'Winlogui.exe' Miner Does Its Best to Stay under the Radar

The 'Winlogui.exe' Miner appears to have some interesting self-preservation mechanisms that help it stay undetected by some low-level security tools, as well as to avoid attracting attention. For example, it continuously monitors the running processes for specific entries related to performance analysis tools: Task Manager, Process Hacker, SysMon, etc. If it detects that a process of this sort is running, it stops mining immediately so that its own process will consume no CPU resources. This might make it difficult for inexperienced users to locate the cause of performance issues.

Naturally, the 'Winlogui.exe' Miner gains persistence on infected hosts by performing one of these tasks:

  • Adds a new Windows Registry key that commands Windows to execute the 'winlogui.exe' process whenever the operating system starts.
  • Adds an 'LNK' file pointing to 'winlogui.exe' to the 'Startup' folder, therefore ensuring that the miner will start with Windows.
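
Because the miner goes quiet while Task Manager is open, checking the two persistence locations directly is more reliable than watching CPU usage. The PowerShell script below is an added example, not part of the original article; it assumes the Registry entry sits in one of the standard Run/RunOnce autostart keys and that the shortcut is in the per-user or all-users Startup folder, since the article names neither.

```powershell
# Assumption: the article does not name the exact key, so the standard
# Windows autostart (Run/RunOnce) keys are checked.
$Needle   = 'winlogui.exe'
$Findings = @()

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Item = Get-Item -Path $Key
    foreach ($Name in $Item.GetValueNames()) {
        $Data = [string]$Item.GetValue($Name)
        if ($Data -like "*$Needle*") {
            $Findings += [pscustomobject]@{ Type = 'RunKey'; Location = $Key; Name = $Name; Target = $Data }
        }
    }
}

# Resolve every .lnk in the per-user and all-users Startup folders to its target.
$Shell       = New-Object -ComObject WScript.Shell
$StartupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }
foreach ($Dir in $StartupDirs) {
    if (-not $Dir -or -not (Test-Path $Dir)) { continue }
    foreach ($File in Get-ChildItem -Path $Dir -Filter '*.lnk' -Force) {
        $Link   = $Shell.CreateShortcut($File.FullName)
        $Target = "$($Link.TargetPath) $($Link.Arguments)".Trim()
        if ($Target -like "*$Needle*") {
            $Findings += [pscustomobject]@{ Type = 'StartupLnk'; Location = $Dir; Name = $File.Name; Target = $Target }
        }
    }
}

# A paused miner uses no CPU but is still listed as a process.
foreach ($Proc in Get-CimInstance Win32_Process -Filter "Name = '$Needle'") {
    $Findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($Proc.ProcessId)"; Name = $Proc.Name; Target = $Proc.ExecutablePath }
}

if ($Findings) { $Findings | Format-List } else { Write-Output "No '$Needle' autostart entries or processes found." }
```

Run it from an elevated PowerShell prompt so that the machine-wide keys and other users' processes are readable. A hit in the `Target` field gives the on-disk path to hand to an anti-virus scanner.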

It is always good to check what process is consuming resources if you encounter performance issues with your computer – sometimes, this may reveal the presence of a Trojan miner on your computer. The 'Winlogui.exe' Miner is proof that cybercriminals are becoming more creative with the techniques they use to disguise and hide their malware, and this is why it is always recommended to run an anti-virus scanner if you experience major performance loss.
