A new Trojan is detected



Dr.Web's specialists reported the emergence of a new Trojan miner for Windows, Trojan.BtcMine.1259. It is distributed through the DoublePulsar exploit, which originally belonged to the NSA.

DoublePulsar previously belonged to the intelligence agencies, but last year the group The Shadow Brokers managed to steal the NSA's hacking tools, and in April of this year they published them on the Internet for free.

DoublePulsar has already been used to spread the WannaCry encryptor during the mass attacks of May 2017.

The main purpose of the detected Trojan miner is to mine the Monero cryptocurrency.
The module designed for mining Monero is implemented as a library, and the Trojan contains both 32-bit and 64-bit versions of the miner. The configuration for this module specifies how many cores and how much of the processor's computing resources will be used to mine the cryptocurrency, at what interval the miner will be automatically restarted, and so on. The Trojan tracks the processes running on the infected computer, and when an attempt is made to run Task Manager, it immediately terminates its own operation.
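A defender-side heuristic for the behaviour described above, added here as an example and not taken from Dr.Web or the original post: flag any program whose process repeatedly exits within a couple of seconds of a Task Manager launch. The event tuple format, the sample events, the file paths and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry): (time_s, kind, pid, image).
# Simplified stand-in for process create/terminate logging such as Sysmon
# event IDs 1 and 5. All paths below are hypothetical.
SAMPLE_EVENTS = [
    (100.0, "start", 4120, r"C:\Users\Public\svc_helper.exe"),
    (130.0, "start", 5000, r"C:\Windows\System32\Taskmgr.exe"),
    (130.4, "exit",  4120, r"C:\Users\Public\svc_helper.exe"),
    (131.0, "exit",  3888, r"C:\Program Files\Editor\editor.exe"),
    (160.0, "exit",  5000, r"C:\Windows\System32\Taskmgr.exe"),
    (400.0, "start", 4477, r"C:\Users\Public\svc_helper.exe"),  # restarted later
    (900.0, "start", 5210, r"C:\Windows\System32\Taskmgr.exe"),
    (900.3, "exit",  4477, r"C:\Users\Public\svc_helper.exe"),
    (1500.0, "exit", 6001, r"C:\Program Files\Editor\updater.exe"),
]

def is_taskmgr(image):
    return image.lower().endswith("\\taskmgr.exe")

def exits_after_taskmgr(events, window=2.0, min_hits=2):
    """Return {image: [taskmgr_start_times]} for images whose process exited
    within `window` seconds after at least `min_hits` separate Task Manager
    launches. A single coincidence is common; repeats are worth triage."""
    events = sorted(events, key=lambda e: e[0])
    launches = [t for t, kind, _, image in events
                if kind == "start" and is_taskmgr(image)]
    hits = defaultdict(set)
    for t, kind, _, image in events:
        if kind != "exit" or is_taskmgr(image):
            continue
        for launch in launches:
            if 0 <= t - launch <= window:
                hits[image.lower()].add(launch)
    return {img: sorted(ts) for img, ts in hits.items() if len(ts) >= min_hits}

if __name__ == "__main__":
    for image, launches in exits_after_taskmgr(SAMPLE_EVENTS).items():
        print(f"{image}: exited right after Task Manager launches at {launches}")
```

Grouping by image path rather than PID is deliberate: a miner that is restarted on an interval comes back under a new PID, so only the path links the repeated exits.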