A virus that has both functions of Ransomware and Mining and selects efficient attack

by Christoph Scholz

It is malware called Ransomware , which invades another person's computer, encrypts the file stored in the computer and requests "to open a file, pay ransom". On the other hand, malware called mining malware exists that uses the CPU of a compromised computer without permission and mining the virtual currency, apart from Ransomware. Kaspersky of security measures found "Malware that has the functions of both Ransomware and Mining Malware and will make more effective attacks."

New Virus Decides If Your Computer Good for Mining or Ransomware
https://thehackernews.com/2018/07/cryptocurrency-mining-ransomware.html

Kaspersky , a security company headquartered in Russia, has found malware that makes traditional Ransomware have the function as mining malware and decides which attack to take after invading the computer.

According to Kaspersky, the infection route of the malware found this time is sent a phishing mail with attachment file of Microsoft Word, and prompts the user to save the document when the recipient of the mail opens the Word file. A PDF icon is included in the file, and malware is executed on the PC by clicking the icon.

If malware spies infected with antivirus software, it decides whether to attack as ran - gamware from some criteria or attack as mining malware. If there is a "Bitcoin" folder in the AppData of the infected person, the virus starts attacking as Ransomware, encrypts the file and requests ransom.

On the other hand, if there is no bit coin folder in AppData and more than two logical cores are present in the computer, attack will start as mining malware. In this case, we will launch virtual currency mining software in the background, masquerade as a reliable process and carry out mining.

by Blogtrepreneur

Also, if there is no bit coin folder in AppData and only one logical core exists, it seems to execute the worm component and copy itself to the computer in the local area network. In addition, Kaspersky says that this new malware has several spyware functions, and sends a list of running processes and screenshots without permission.

According to Kaspersky, over 95% of malware infections are confirmed in Russia. As the best way to prevent attacks, The Hacker News said it is important not to open suspicious files and links even if they are sent by e-mail, and to keep antivirus software in the proper state.