XMRig

Posted: June 22, 2017

XMRig is a cryptocurrency mining program that uses your PC's hardware to generate Monero-based currency. Although not all installations of XMRig are non-consensual or unsafe, malware experts are finding some cases of this program being installed by Trojans and related threats. Ignoring an infection may cause permanent system damage or performance problems, and most users should have appropriate anti-malware tools disable and remove XMRig when it's not wanted.

When Minting Coins Goes Wrong Fast and Easily

Only two months ago, its creator was promoting XMRig as a utility for generating money out of 'nothing' via a traditional cryptocurrency-mining process. Unfortunately, threat actors are already making use of the freeware for ill-minded purposes, by hijacking other users' computers and then installing XMRig automatically. PC owners not monitoring their resource expenditures carefully could be putting their systems at risk for not just bad performance, but permanent hardware failure.

Although XMRig isn't threatening inherently, various brands of security software often identify cryptocurrency mining applications as being Trojans heuristically. After being installed either intentionally or non-consensually, XMRig runs a non-hidden background process that generates Monero currency over time. Ordinarily, this program also provides a CMD-based user interface window. However, Trojans installing XMRig may hide this window, meaning that only indirect symptoms of its presence are detectable.

While malware researchers are still identifying the threats exploiting XMRig, these attacks appear to be using botnet features to redirect large quantities of generated currency to a threat actor's address. The Trojans in question are also exploiting Registry vulnerabilities to reinstall XMRig, if necessary. Users who manage to find and remove XMRig, but take no further actions to disinfect their PCs, may experience the same problems recurring whenever they reboot.

Decoupling Your PC from a Crook's Money-Making Rig

Trojans abusing XMRig, along with similar 'miner' Trojans, can include network-based features that let them re-download the programs, if necessary. Disabling the Internet connectivity and limiting your PC's contact with other systems can help isolate this threat, initially. The symptoms of XMRig's misuse may be nothing more than a higher percentage of CPU or memory usage, which Windows users can see from the Task Manager. However, the extreme abuse or inappropriate configuration of XMRig could cause other errors, including hardware overheating, bad performance, or crashes, all of which can lead to permanent damage.

The relative newness of XMRig's hijacking means that malware experts have not yet been able to verify samples of the Trojans associated with its installation. Infiltration methods could include disguised downloads from corrupted websites, drive-by-download Web content, or fake documents abusing macros. Scanning your downloads before opening them is the simplest way of detecting and deleting threats of this type. You should remove XMRig's non-consensual variants with dedicated anti-malware products that can also detect all of these related security risks. If possible, you should include the Registry in any system scans.
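
The indirect symptoms described above (sustained CPU load from a process with no visible window, plus Registry entries that bring it back after a reboot) can be triaged from PowerShell. This is an added example, not part of the original article or of XMRig; the thresholds are assumptions, and because the article does not name the Registry locations involved, checking the standard Run keys is also an assumption.

```powershell
# Added example: triage for a hidden miner. Thresholds are assumptions; tune them.
$SampleSeconds = 10   # length of the CPU sampling window
$CpuThreshold  = 50   # percent of total CPU capacity, sustained over the window

$cores = [Environment]::ProcessorCount
$first = @{}
Get-Process | ForEach-Object { if ($null -ne $_.CPU) { $first[$_.Id] = $_.CPU } }
Start-Sleep -Seconds $SampleSeconds

$suspects = foreach ($p in Get-Process) {
    if (-not $first.ContainsKey($p.Id) -or $null -eq $p.CPU) { continue }
    # CPU is cumulative processor seconds; the delta over the window gives load.
    $pct = [math]::Round((($p.CPU - $first[$p.Id]) / ($SampleSeconds * $cores)) * 100, 1)
    if ($pct -lt $CpuThreshold) { continue }
    $wmi = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name        = $p.ProcessName
        Id          = $p.Id
        CpuPercent  = $pct
        # Zero handle = no top-level window. Only a hint: services have none either.
        HasWindow   = ($p.MainWindowHandle -ne [IntPtr]::Zero)
        Path        = $wmi.ExecutablePath
        CommandLine = $wmi.CommandLine
    }
}

# Autostart entries (assumed persistence location; the article names no keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -in $psMeta) { continue }   # skip provider metadata
        [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
    }
}

$suspects | Sort-Object CpuPercent -Descending | Format-List
$autoruns | Format-Table -AutoSize -Wrap
```

Compare each suspect's Path against the Command column of the autorun list: an unfamiliar executable that appears in both is the candidate to hand to an anti-malware scan.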

Intentions and reality in software development often meet in violent conflict. Although money-making freeware like XMRig isn't made to be threatening, the practical result of its existence is often that it becomes the exploited 'partner' of a Trojan campaign.