Posted on July 8, 2018 at 7:29 AM
When you think there is no way harmful malware that perpetually advances could become any more wicked, it acquires the possibility to choose how to harm your computer, depending on what’s installed on it. The responsible hackers obviously want to utilize the ascent of the cryptocurrency-mining harmful software and combine it with the usual attacks. If the infected machine contains a bitcoin wallet, the intelligent malware will equip it with file-encrypting ransomware.
If, on the other hand, a pre-existing folder is missing, and the machine is capable of mining, a miner will be installed in order to use the power of the machine to generate cryptocurrency. As a malware analyst Orkhan Mamedov said, it is a typical relationship between a criminal and his victim. The ultimate goal is, as always, to make a profit – either by direct extortion, or illegal use of the user’s resources. The malware belongs to Rakhni Trojan family, which has been on the market since 2013 and has perpetually tested the patience and technology of both analysts and regular users.
The process of infection
There is nothing special about the initial attack of this malware – just like many similar ones, the Rakhni assault starts with a phishing email which is sent to possible victims. In this case, they are mostly located in Russia, 95 percent of spam emails also being written in this language. These emails are made to look like messages regarding some financial transactions and they come with an attached Word document, where the dangerous software preys.
The user is, naturally, motivated to enable editing, so that the malicious content can disperse and ensure infection. Afterward, the user is inspired to open the embedded PDF document, which is never actually opened. Instead, the malicious software is launched and the computer is infected with the aforementioned malware.
When installed, Rakhni checks out the environment in order to decide whether to install ransomware or a miner. As said before, if the wallet is already installed, ransomware is downloaded and executed, which automatically means files are encrypted with an awkward extension, after the system has been idle for two minutes.
Every possibility is covered
If cryptocurrency wallet is missing, a miner is downloaded and installed, even being disguised as a Microsoft Corporation certificate. If by any chance, the compromised computer does not accept the installation of either ransomware or a miner, Rakhni doesn’t give up – it copies itself onto other machines connected to the network in an effort to perform its harmful mission.
Even though the attacks by ransomware have somewhat decreased, they are still a clear and present danger for regular users. However, the introduction of the miner shows that hackers are open to new techniques, especially the ones that secure a high level of anonymity, such as mining. The fact that the software itself can decide what to do and how to approach the machine it wants to invade shows how helpless people really are when faced with this menace.