
The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS

Introduction

LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine, making it cross platform. It comes bundled with pirated copies of VST software. The miner itself is based on XMRig (Monero) and uses a mining pool, thus it is impossible to retrace potential transactions.

Distribution

At the time of writing, there are 137 VST-related applications (42 for Windows and 95 for macOS) available on a single WordPress-based website with a domain registered on 24 August, 2018. The first application – Kontakt Native Instruments 5.7 for Windows – was uploaded on the same day. The size of the apps makes it impractical to analyze them all, but it seems safe to assume they are all Trojanized.

The applications themselves are not hosted on the WordPress-based site, but on 29 external servers, which can be found in the IoCs section. The admins of the site also frequently update the applications with newer versions, making it difficult to track the very first version of the miner.
