Wmixml Detected Mining Monero In China
According to a report from EDR Security, the WMIXML mining malware has been detected on the intranet of an enterprise. The malware runs inside svchost.exe, a Windows operating-system process, which makes it hard to kill. The virus was first spotted in China, and it mines the cryptocurrency most favoured by botnet operators: Monero (XMR).
Unlike conventional mining viruses, wmixml's mining function exists as an encrypted file rather than a regular stand-alone exe. On an infected host a malicious DLL is loaded by the system process svchost.exe; it reads the encrypted file, decrypts it in memory, and then injects the mining program into another svchost.exe process. Because the decryption takes place in memory rather than on disk, a large number of antivirus engines are bypassed.
Virus name: wmixml
Virus nature: New Type of Mining Virus
Scope of impact: The first case in the country has been discovered
Hazard rating: 2
Removal difficulty: extremely difficult
In another blog post asking for help removing the virus, the author gives more detail on wmixml's mining configuration:
"url": "91.121.2.76:80",
// URL of mining server: pool.minexmr.com
"user": "465Qh6sTNHzf5Tmn2NHTUrJau7QYxTRPr7qwAH3va68pYNXPyqT23oAAQWdvKBEr8wCVEZWHo8ce5e1yGLNfJ3sZHSVskP9.rg299"
EDR Security has released a detailed article explaining the injection process, along with some suggestions:
1) Isolate the infected host: the infected server should be isolated as soon as possible; shut down all network connections and disable the network adapter.
2) Confirm the number of infections: scan the entire network to identify lurking infections.
3) Remove the virus: a botnet-oriented removal tool is recommended.
4) Patch vulnerabilities: if the intranet uses JBoss, confirm the version and fix the related vulnerabilities.
5) Change passwords: weak host account passwords should be replaced with strong ones.
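Step 2 above (scanning the network for lurking infections) and the pool/wallet configuration quoted from the help-seeking blog post suggest a simple indicator sweep. The following is an added example, not code from EDR Security or from the original article: it scans text blobs collected from hosts (process command lines, dropped config files, strings dumped from a process) for the two endpoints quoted on this page, for any stratum pool URL, for bare ip:port pairs, and for Monero-style wallet addresses with an optional ".worker" suffix, then groups hosts by wallet so a responder can see how many machines report to the same operator. The sample blobs, the host labels, and the second wallet/pool are constructed for the example; only the wmixml url/user pair is taken from the article.

```python
"""IOC sweep for XMR-miner configuration fragments.

Added example. Assumes blobs have already been collected from hosts; the host
labels and all samples except the wmixml url/user pair are constructed.
"""
import re
from typing import Dict, List

# Indicators quoted in the wmixml write-up.
KNOWN_IOCS = {
    "91.121.2.76:80": "pool endpoint quoted in the wmixml write-up",
    "pool.minexmr.com": "pool hostname quoted in the wmixml write-up",
}

# Standard Monero address: '4' followed by 94 base58 characters (95 total);
# integrated addresses carry 11 more. Miners commonly append ".workername".
_XMR_ADDR = re.compile(
    r"\b(4[1-9A-HJ-NP-Za-km-z]{94}(?:[1-9A-HJ-NP-Za-km-z]{11})?)(?:\.([\w-]+))?\b"
)
_POOL_URL = re.compile(r"\bstratum\+(?:tcp|ssl)://([\w.-]+:\d{1,5})\b", re.I)
_HOST_PORT = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}:\d{1,5})\b")


def scan_blob(source: str, blob: str) -> List[Dict[str, str]]:
    """Return one finding per distinct indicator found in `blob`.

    `source` is a "host:artifact" label so findings stay attributable.
    """
    findings: List[Dict[str, str]] = []
    seen = set()

    def add(kind: str, value: str, note: str) -> None:
        if (kind, value) not in seen:
            seen.add((kind, value))
            findings.append({"source": source, "type": kind, "value": value, "note": note})

    for ioc, note in KNOWN_IOCS.items():
        if ioc in blob:
            add("known_ioc", ioc, note)
    for m in _POOL_URL.finditer(blob):
        add("pool_url", m.group(1), "stratum mining pool URL")
    for m in _HOST_PORT.finditer(blob):
        if m.group(1) not in KNOWN_IOCS:  # already reported as known_ioc
            add("host_port", m.group(1), "bare ip:port, check against egress logs")
    for m in _XMR_ADDR.finditer(blob):
        worker = m.group(2) or ""
        add("xmr_wallet", m.group(1), f"worker={worker}" if worker else "no worker suffix")
    return findings


def scan_all(blobs: Dict[str, str]) -> List[Dict[str, str]]:
    """Sweep every collected blob; input maps "host:artifact" -> text."""
    out: List[Dict[str, str]] = []
    for source, blob in blobs.items():
        out.extend(scan_blob(source, blob))
    return out


def hosts_by_wallet(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group infected hosts by the wallet they mine to (step 2: how many?)."""
    groups: Dict[str, set] = {}
    for f in findings:
        if f["type"] == "xmr_wallet":
            host = f["source"].split(":", 1)[0]
            groups.setdefault(f["value"], set()).add(host)
    return {wallet: sorted(hosts) for wallet, hosts in groups.items()}


# Constructed samples for a stand-alone run. host-a carries the url/user pair
# quoted in the article; host-b is a benign svchost command line; host-c is a
# hypothetical second miner with a made-up pool and wallet.
WMIXML_WALLET = (
    "465Qh6sTNHzf5Tmn2NHTUrJau7QYxTRPr7qwAH3va68pYNXPyqT23oAAQWdvKBEr8wCVEZWHo8ce5e1yGLNfJ3sZHSVskP9"
)
FAKE_WALLET = "4" + "B" * 94
SAMPLES = {
    "host-a:config-dump": '{"url": "91.121.2.76:80", "user": "' + WMIXML_WALLET + '.rg299"}',
    "host-b:cmdline": '"C:\\Windows\\System32\\svchost.exe" -k netsvcs -p',
    "host-c:cmdline": "xmrig.exe -o stratum+tcp://pool.example.net:3333 -u " + FAKE_WALLET + ".rig1 -p x",
}

if __name__ == "__main__":
    all_findings = scan_all(SAMPLES)
    for f in all_findings:
        print(f"{f['source']:<22} {f['type']:<11} {f['value'][:40]:<40} {f['note']}")
    for wallet, hosts in hosts_by_wallet(all_findings).items():
        print(f"wallet {wallet[:12]}... seen on {len(hosts)} host(s): {', '.join(hosts)}")
```

Run it against real collections by replacing SAMPLES with the blobs gathered from each host; a wallet that appears on several hosts is the quickest way to confirm they belong to the same infection rather than to unrelated miners.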
Studying cryptocurrency and digital assets since 2013 and co-founder of 8btc in 2014. Co-author of the 2014-2015 Digital Currency Development Report (2015) and first author of Investment Guidelines to Blockchain Digital Currency (published June 2017, ISBN 9787300239286).