Researchers at an Israeli cybersecurity firm recently found that KingMiner, a cryptojacking malware, is constantly updating itself to escape detection and increase its chance of success.
It will keep updating, which will invariably make detection tougher.
The malware preys on servers running Microsoft software, especially Internet Information Services (IIS) and SQL Server. It uses brute-force attacks to obtain users' passwords and compromises the server during the initial phase of the attack.
First, it gains access, downloads a Windows Scriptlet file and executes it on the machine. Second, it detects the machine's CPU architecture and, if older versions of the attack are found, deletes them. Lastly, KingMiner downloads a file with a .zip extension to bypass emulation attempts.
After extraction, the malware payload creates new registry keys and executes the Monero-mining XMRig file. Ideally, the XMRig CPU miner uses 75% of the CPU capacity, but it can exceed this as a result of coding errors. KingMiner is taking ample measures to prevent its activities from attracting attention and to protect the identities of its creators.
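A defensive counterpart to the brute-force stage described above, added here as an example and not taken from the article or the researchers' report: a small detector that scans SQL Server error-log lines for failed logins and flags any client address that produces a burst of them. The log-line layout, the sample lines, the five-failures-per-minute threshold and the client addresses are all constructed assumptions, not values from the page.

```python
"""Flag likely password brute forcing in SQL Server error-log lines.
Added example; the line layout and threshold below are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: "<ts> Logon  Login failed for user '<name>'. ... [CLIENT: <ip>]"
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]"
)

def parse_failures(lines):
    """Yield (timestamp, user, client_ip) for each failed-login line; skip the rest."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"]

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: users_tried} for clients with at least `threshold`
    failures inside any sliding window of length `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # chronological; sliding window over sorted timestamps
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {user for _, user in events}
                break
    return flagged

# Constructed sample: one client hammering 'sa', one ordinary single failure.
_SAMPLE_EVENTS = [  # (seconds offset, user, client address) - all made up
    (0, "sa", "203.0.113.5"), (3, "sa", "203.0.113.5"), (7, "admin", "203.0.113.5"),
    (9, "sa", "203.0.113.5"), (15, "sa", "203.0.113.5"), (40, "alice", "198.51.100.7"),
]
SAMPLE_LOG = [
    f"2024-01-10 09:00:{s:02d}.00 Logon  Login failed for user '{u}'. "
    f"Reason: Password did not match that for the login provided. [CLIENT: {c}]"
    for s, u, c in _SAMPLE_EVENTS
]

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {ip}: users tried {sorted(users)}")
```

A hit on the `sa` account from a single address is a useful trigger for the account-lockout and source-blocking controls that would stop this initial-access stage before any scriptlet is downloaded.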