Bitcoin-mining trojan disguises itself as antivirus
A computer security firm has warned users against falling for new malware that spoofs one of its antivirus products.
Trend Micro said the spoof is part of social engineering used by malware writers to fool users into running their programs.
"We believe that by spoofing Trend Micro properties, the people behind this threat are hoping to trick unwitting users into executing the file," it said in a blog post.
It said its products detect the malware as TROJ_RIMECUD.AJL, which, when executed, creates a process named svchost.exe and downloads a component package.
The package it downloads contains a Bitcoin miner application created by Ufasoft. The Bitcoin app is detected as HKTL_BITCOINMINE.
"Bitcoin is considered digital currency and can be used to pay certain transactions online. This attack is timely because of the news that Bitcoin Central has been approved by the law to function as a bank where exchange from Euro and Bitcoins are now possible," Trend Micro noted.
Trend Micro said the malware also consumes much of the infected computer system’s resources.
Signs of this include a sudden slowdown of the system, it said.
"(C)heck your running processes and search for unknown running applications. This occurrence may be caused by a possible infection of Bitcoin mining activity," it advised.
Also, Trend Micro advised users to be extra-cautious when downloading apps and files from the Internet.
"Better yet, refrain from visiting unknown websites and clicking ads or shortened URLs contained in email messages from unverified sources," it said. — TJD, GMA News