The decision to download the cryptor or the miner depends on the presence of the folder %AppData%\Bitcoin. If the folder exists, the downloader decides to download the cryptor. If the folder doesn’t exist and the machine has more than two logical processors, the miner will be downloaded. If there’s no folder and just one logical processor, the downloader jumps to its worm component.
Researchers identified a new variant of the remote execution downloader that checks the victim's system for a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before downloading either an encryption payload or one that begins mining Monero coins.
Full details here:
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/