What is hidden mining and how to protect your computer from it?

What is hidden mining? How to secure your computer and what to do if the hands of cyber fraudsters have already reached your computer or phone?

Hidden mining everywhere

Don't think that because you do not have a cryptocurrency wallet full of bitcoins, ethereum, and other cryptocoins, you have nothing to steal. Every day, hidden mining mercilessly steals the resources of expensive computer equipment, not only from large companies but also from millions of people around the planet: RAM, processors and video cards. Any computing power is, literally, more expensive than gold.

How to secure your computer and what to do if the hands of cyber fraudsters have already reached your equipment? We will answer these and other questions in our explanatory article.

What is hidden mining?

A miner is a program that does the work of creating new structures (usually new blocks in the blockchain) that crypto platforms need in order to function. In other words, it is a crypto mining program.

Behind the mining program, there is a person or group of people whose main goal is the extraction of cryptocurrencies. Miners are paid by blockchain participants for providing the computing power of their equipment. Earnings in this case directly depend on the power of the equipment: in order to carry out complex mathematical calculations in large quantities, the program requires a large amount of computing power.

Black mining differs from legal mining in that the mining takes place at the expense of other people's resources. The pool of an illegal mining virus can number thousands and millions of devices. In such a scheme, even the weakest computer in terms of performance is valuable to fraudsters.

How can a computer be infected?

Today, there are many ways to infect a computer with a mining virus:

  • Through any files downloaded from the Internet and run;
  • Direct planting on a PC (rarely);
  • When visiting infected sites;
  • Through unauthorized remote access.

Such programs are usually disguised as pirated versions of licensed products or as generators of activation keys for them, which are most often downloaded by users, for example, on file-sharing sites.

Often, the miner is distributed together with files that look completely harmless at first glance, for example, along with simple text files sent via e-mail. The malware is installed in stealth mode, so it is difficult for the user to detect that a dangerous script is running.

Visiting dubious sites can also harm your computer. It is enough to follow a link to a resource whose script contains the mining code: for as long as you are on the site, your computer is part of the cryptocurrency generating network.

WinstarNssmMiner virus

The WinstarNssmMiner virus is behind one of the largest mining attacks on users' computers. For three days, cybercriminals tried to infect more than 500 thousand devices worldwide.

According to experts, a distinctive feature of this virus was its smart victim selection system: before the attack, the computer was checked for the presence of an existing antivirus. An additional feature of WinstarNssmMiner was the difficulty of removal: many users reported that their computers failed when they tried to clean them.

DevilRobber mining virus

The DevilRobber mining virus is considered less harmful, but more widespread. It was one of the few that hit Apple devices. In October 2011, the threat became so serious that the developers of the IT giant were forced to release a global operating system update for their computers.

By the way, the DevilRobber virus not only uses an array of many computers for hidden mining but is also able to steal virtual currency from crypto-wallets.

WannaMine virus

At the beginning of 2018, the WannaMine ransomware virus was replaced by the WannaMine miner. This malware secretly mines Monero, overloading the victim's processor, which leads to a complete shutdown of the system.

WannaMine penetrates the computer system in various ways: through links to websites, pirated copies of games, or with targeted remote penetration into the system. The virus uses the Mimikatz tool to gain access to logins and passwords in the computer's memory and secretly mine cryptocoins on the equipment of the victims.

How to remove a mining virus?

The problem with removing a mining virus is that, when a computer is suspected of being infected, users scan the system for trojans with antivirus software, but every year cyber fraudsters develop new ways to circumvent the protection of the operating system and antivirus applications.

To remove the mining virus, experts recommend using different antivirus products. More experienced users can manually search for and delete energy-consuming processes and related files.

But the mining virus may be “ready” for removal and have a restart system. Often, completely removing the malware requires reinstalling the operating system with the permanent removal of all user files.
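
The manual search for energy-consuming processes described above, together with the restart behaviour, can be sketched in code. This is an added example, not part of the original article: it groups CPU samples by executable instead of by process ID, so a miner that comes back under a new PID after being killed is still flagged. The paths, process names, pool host and thresholds are constructed for illustration, and the stratum URL check is only a heuristic.

```python
from collections import defaultdict

POOL_HINTS = ("stratum+tcp://", "stratum+ssl://")  # URL schemes used for mining pools
MINER = ("/tmp/.cache/sysupd", "sysupd -o stratum+tcp://pool.example:3333")
BROWSER = ("/usr/bin/firefox", "firefox")

# Constructed samples: five snapshots taken a minute apart, rows are
# (pid, executable, command line, CPU %). The miner is killed twice and
# comes back under a new PID each time (977 -> 1203 -> 1350).
SAMPLES = [
    [(410, *BROWSER, 35.0), (977, *MINER, 96.0)],
    [(410, *BROWSER, 4.0), (977, *MINER, 97.5)],
    [(410, *BROWSER, 91.0), (1203, *MINER, 95.0)],
    [(410, *BROWSER, 6.0), (1203, *MINER, 98.0)],
    [(410, *BROWSER, 3.0), (1350, *MINER, 94.0)],
]


def find_suspects(samples, cpu_threshold=80.0, min_share=0.8):
    """Flag executables that stay above cpu_threshold in most samples."""
    busy = defaultdict(int)       # exe -> samples spent above the threshold
    pid_sets = defaultdict(list)  # exe -> set of PIDs seen in each sample
    cmds = {}                     # exe -> last command line seen
    for snapshot in samples:
        load, seen = defaultdict(float), defaultdict(set)
        for pid, exe, cmdline, cpu in snapshot:
            load[exe] += cpu      # add up worker processes of one binary
            seen[exe].add(pid)
            cmds[exe] = cmdline
        for exe in load:
            busy[exe] += load[exe] >= cpu_threshold
            pid_sets[exe].append(frozenset(seen[exe]))
    report = {}
    for exe, count in busy.items():
        if count / len(samples) >= min_share:
            report[exe] = {
                "busy_samples": count,
                "pids": sorted(set().union(*pid_sets[exe])),
                # PID set differs between samples, e.g. killed and restarted
                "pid_changed": len(set(pid_sets[exe])) > 1,
                "pool_hint": any(h in cmds[exe].lower() for h in POOL_HINTS),
            }
    return report


if __name__ == "__main__":
    for exe, info in find_suspects(SAMPLES).items():
        print(exe, info)
```

In practice the samples would come from the operating system's process list; the browser's single 91% spike is ignored because only load sustained across most samples counts.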