Like Bitcoin, there are numerous other cryptocurrencies similar in nature, including MasterCoin, ProtoShares, Litecoin, Peercoin, BitBar and many more.

One of them is Primecoin (sign: Ψ; code: XPM), a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as 'Cunningham chains & bi-twin chains', and has real-world importance in mathematical research.

The world-famous RSA encryption basically uses two prime numbers for generating an RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a very large number of primes.

Like other cryptocurrency miners, Primecoin miners are also available and, in simple terms, just put your computer to work to find prime number chains and make money.

After Bitcoin, the increasing public attention of other cryptocurrencies did not go unnoticed by the cyber criminals, who have begun unleashing Primecoin mining malware.

Mehrdad Yazdizadeh, a security researcher from antivirus firm 'Panda Security', told The Hacker News that he has found a few malicious Primecoin miners available on the Internet for download from some Chinese websites and torrents.

"Primecoin miners are written in Python and other scripting languages and are using a variety of methods to infect the users' systems, i.e. brute-forcing, privilege escalation, modifying SQL tables," he said.

Those infected systems can be used as a botnet network to perform further attacks. Another interesting feature of this malware is the ability to host SQL server through XP_cmdshell of MSSQL.

"On execution, the malware will inject the SQL server to cmd.exe, svchost.exe, explorer.exe and similar processes to hide itself as rootkits," he added.

Users affected by this malware will experience abnormally high CPU usage on their computers as a result of the infection.



Further analysis showed that the malware creates a process called "sqlservr.exe", pointing to another file, i.e. "primecoin.conf", which contains the credential and the IP address of the malware's master to communicate with.



"Even if a user deletes sqlservr.exe or the conf folder, it will recover itself again and again. Also, the malware is capable of enabling the Windows Guest account automatically," he said.



He found thousands of login activities (mostly failed logins) on an infected machine in the Windows event log; it seems that the malware is facilitating the attacker in brute-forcing the system user accounts for privilege escalation.
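The host indicators described above (a "sqlservr.exe" process pointing at "primecoin.conf", an enabled Guest account, and bursts of failed logins) can be checked together during triage. This is an added example, not code from the article or the researcher; the sample records, the threshold of 20 failures in 5 minutes, and the path heuristic for a legitimate SQL Server install are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the article): a process snapshot, local
# accounts, and Security-log logon events (4625 = failed, 4624 = successful).
PROCESSES = [
    {"name": "sqlservr.exe", "cmdline": "sqlservr.exe -sX",
     "path": r"C:\Program Files\Microsoft SQL Server\MSSQL11.X\MSSQL\Binn\sqlservr.exe"},
    {"name": "sqlservr.exe", "cmdline": r"sqlservr.exe -conf=conf\primecoin.conf",
     "path": r"C:\Users\Public\conf\sqlservr.exe"},
]
ACCOUNTS = [{"name": "Administrator", "enabled": True}, {"name": "Guest", "enabled": True}]
T0 = datetime(2014, 1, 10, 3, 0, 0)
EVENTS = [(T0 + timedelta(seconds=5 * i), 4625, "203.0.113.7", "Administrator") for i in range(40)]
EVENTS += [(T0 + timedelta(seconds=205), 4624, "203.0.113.7", "Administrator"),
           (T0 + timedelta(minutes=30), 4625, "198.51.100.9", "alice")]

def suspicious_processes(procs):
    """sqlservr.exe that references primecoin.conf or runs outside a SQL Server directory.
    Assumption: a genuine install keeps the binary under '\\Microsoft SQL Server\\'."""
    return [p["path"] for p in procs
            if p["name"].lower() == "sqlservr.exe"
            and ("primecoin.conf" in p["cmdline"].lower()
                 or "\\microsoft sql server\\" not in p["path"].lower())]

def brute_force_sources(events, threshold=20, window=timedelta(minutes=5)):
    """Map each source with >= threshold failed logons inside the window to
    True if a successful logon from it came after the burst began, else False."""
    failures = defaultdict(list)
    for ts, event_id, src, _ in sorted(events):
        if event_id == 4625:
            failures[src].append(ts)
    flagged = {}
    for src, times in failures.items():
        lo = 0
        for hi, ts in enumerate(times):
            while ts - times[lo] > window:   # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged[src] = any(e == 4624 and s == src and t > times[lo]
                                   for t, e, s, _ in events)
                break
    return flagged

def triage(procs, accounts, events):
    return {"processes": suspicious_processes(procs),
            "guest_enabled": any(a["name"].lower() == "guest" and a["enabled"] for a in accounts),
            "brute_force": brute_force_sources(events)}

if __name__ == "__main__":
    print(triage(PROCESSES, ACCOUNTS, EVENTS))
```

A source flagged `True` had a successful logon after its failure burst began, so that account should be treated as compromised rather than merely targeted.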

He collected some of the attacker's IP addresses from where the brute-force attack was triggered:


"I saw an attempt was made to reset an account's password. It tried to download more malicious files from other servers," he said.

More features he noticed are:

Replicating itself through file systems

Killing the antivirus and security programs

According to the VirusTotal reports, currently almost none of the antivirus products are able to detect it: Report-1, Report-2, Report-3, Report-4, Report-5.

Update: Mehrdad informed us that Panda Antivirus is now able to detect this malware. Users are advised to keep their systems/networks behind the shield of a firewall/IPS/IDS and install 'Panda Cloud Cleaner' to remove this threat.