WinstarNssmMiner Monero mining malware crashes PC upon detection

Another day, another Monero cryptocurrency mining malware hits unsuspected users worldwide – This one crashes your system once the anti-virus software attempts to delete it.

The IT security researchers at 360 Total Security have discovered a nasty piece of malware infecting Windows-based devices to mine Monero cryptocurrency by using their computing power (CPU) and slowing down its performance.

Dubbed WinstarNssmMiner by researchers; the malware was found conducting 500,000 attacks in just three days. What makes this malware nasty is its capability of crashing targeted machine once the anti-malware software detects and attempts to remove it.

According to 360 Total Security researchers, “this malware is acting snobbish when facing different antivirus software. It turns off antivirus protection of defenseless foes and backs off when facing sharp swords. As a result, users without a decent antivirus product have to live with the slowness and the blue screens of their computers.”

So far the malware has made over 133 Monero tokens which were around $26,500 (€22,487).

Interesting, the malware looks for decent antivirus solutions on the targeted system, for instance, Avast and Kaspersky. In case it detects any of these solutions it automatically quits its operation to avoid being detected but in case an anti-virus product detects and tries to delete WinstarNssmMiner it crashes the system.

“Though WinstarNssmMiner has the ability to deceive antivirus software. It’s in its nature still a CryptorMiner and its implementation is based on the open source project, XMRIG. It comes with four ming pool and is able to determine mining pool based on the parameters passed to it,” explained researchers.

XMRIG is a legit Monero mining software package however cybercriminals have been using it for malicious purposes. XMRIG was previously used in GTA 5 PC ModOracle WebLogic FlawJenkins server, Linux servers, and others platforms to mine Monero cryptocurrency.

Cryptocurrency investors and unsuspected users are urged to keep an eye on the security of their system and avoid falling for scams delivering WinstarNssmMiner type of malware. Just yesterday we reported on a new kind of phishing attack called MEWKit stealing Ethereum from MyEtherWallet. Stay safe online.

See: Hackers Hide Monero Cryptominer in Scarlett Johansson’s Picture

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.