A recent form of cryptojacking which is utilized to mine Monero has been found to rely on constant improvements in order to avoid detection as well increase its chances of success.

According to researchers at Check Point Software Technologies, an Israeli cybersecurity firm, this malware, which is dubbed as KingMiner will more than likely continue on its path of constant updates in the future in order to increase its probability of successful attacks and in turn this will make it even harder to detect.

The “KingMiner” malware, which frequently targets servers which have been developed by tech giant Microsoft, particularly Internet Information Services (IIS) and SQL Server, makes use of aggressive tactics in order to reveal the passwords of users with a view of comprising the server during its initial attack phase.

Upgraded Versions:

When KingMiner successfully gains access, a Windows Scriptlet file (with the file name extension .sct) is downloaded before its execution on the user’s machine. During this execution stage, the infected machine’s CPU architecture is detected and if it finds older versions of the attack files, the new infection deletes them. The KingMiner malware then proceeds to download a file with the .zip extension, but this is of course not a zip file but a XML file instead. The point is to bypass emulation attempts.

Thus, only after extraction, new registry keys are created by KingMiner and the Monero-mining XMRig file is executed. By its original design, the XMRig miner was created to only use 75% of CPU power, but this becomes easily exceeded as a result of coding errors.

The KingMiner malware thus has been successful in avoiding detection by simply employing mechanisms such as obfuscation and executing the .exe file only in an effort to leave no trace. In addition to this, KingMiner takes extreme precautionary measures in order to prevent its activities from being noticed or its creators being traced:

“It appears that the KingMiner threat actor uses a private mining pool to prevent any monitoring of their activities. The pool’s API is turned off, and the wallet in question is not used in any public mining pools. We have not yet determined which domains are used, as this is also private.”

Attack Attempts On The Increase While Detection Rates At A Low:

As detection engines report a reduction in detection rates for KingMiner, experts at Check Point Software Technologies have noticed a gradual increase in the attack rates of the malware.

This report released by Check Point Software Technologies comes during a time where cryptojacking incidents have increased across the globe. Earlier this year in September it was reported that cryptojacking had risen by a whopping 86% in the second quarter as per a statement by McAfee Labs.

At the time of press, McAfee Labs, explained that cryptojacking malware was no longer just attacking personal computers but was also attacking smartphones at an alarming rate as well as other mobile devices with an internet connection. This, of course, is a sign that bad actors have begun to cast their malicious nets as far and wide as possible during a time where cryptocurrency prices were dropping.

Have you ever been the victim of cryptojacking? Do you know of someone who has been a victim of the KingMiner malware? Let us know your story by commenting below.

Follow CoinBeat on Facebook, Twitter & Telegram

Subscribe to our CoinBeat Newsletter

Submit an article to CoinBeat

View live Marketcap Prices here