Thursday, May 28, 2020

Example of Miner Exploit

Here is an example of how scams/spams can try to make your computer a cryptominer.  I received this email, and knew it was fake, but wanted to know what type of scam this was going to be.  Was it going to try to steal my credentials to the Apple App Store or try to download malware to my computer?


After scanning the attachment, I opened it in a virtual machine and hovered my mouse over the link in the pdf document, showing me the destination. 

Initial testing showed it was designated as malicious.


And further research indicated one reason it was marked as bad.  Notice the AV detection result "Marked as clean."  

This indicates an attempt to use MinerGate Cryptocurrency Miner, which is mining software that supports 14 types of cryptocurrencies, such as Zcash, Ethereum, Bitcoin, Litecoin, Bytecoin, Monero, FantomCoin.  For a brief overview of crypto currency, see my article.

Thanks to Hybrid Analysis for their generous sharing of a great tool!