Vulnerability Notification: Mining Trojans

[Overview]

With the rise of virtual currency, a new type of attack, the mining Trojan, has quietly become prevalent. Unlike ransomware, which encrypts key user data, or virus Trojans, which destroy business systems, a mining Trojan has no obvious attack characteristics, making it difficult for users to detect. According to statistics, mining Trojans have become one of the attack methods preferred by hackers.

[Mining Trojans Details]

As a new type of attack, mining Trojans are a product of the rise of virtual currency. Once a device is infected, it becomes a mining zombie device and automatically performs mining. Most mining Trojans monitor system resources and adjust themselves to hold CPU utilization at a stable threshold so that they can mine over the long term, resulting in problems such as slow operation, restarts, and increased power consumption.

Because mining Trojans show none of the overtly malicious behavior of other malware, such as encrypting critical user data or damaging business systems, users often find it difficult to associate the symptoms with a virus. This allows large-scale infection of intranet devices in the enterprise and makes investigation difficult.

Do not underestimate the harm caused by mining Trojans. Once enterprise users are infected, it is difficult to prevent hackers from monitoring users and stealing their key data, or from establishing a connection with a C&C server to create a botnet that further damages the intranet.

[Suggestions]

Most mining Trojans are hidden in software cracks, tools, and plugins, so:

  • Download applications only from legitimate websites, and avoid visiting unknown websites.
  • For hosts suspected of being infected with mining Trojans (high CPU utilization, severe server resource usage, etc.), use professional anti-virus software to clean the virus.
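As an added example (not part of the original notification or of any Hillstone Networks product), the following Python sketch shows one way to triage hosts for the behavior described above: a process that holds CPU utilization at a stable threshold over a long period. The thresholds, process names, and sample readings are constructed assumptions for illustration.

```python
"""Flag processes whose CPU load is both sustained and unusually steady."""
from statistics import mean, pstdev

# Assumed tuning values, not taken from the notification.
MIN_MEAN_CPU = 40.0  # percent: ignore processes that are mostly idle
MAX_STDDEV = 5.0     # percent: a self-throttling miner holds a near-constant load
MIN_SAMPLES = 10     # require a long enough observation window

# Constructed samples: CPU percent per process, one reading per minute.
SAMPLES = {
    "backup-job":     [5, 90, 95, 10, 3, 88, 92, 4, 6, 91, 7, 5],
    "updater-helper": [61, 59, 60, 62, 60, 58, 61, 60, 59, 60, 61, 60],
    "db-server":      [30, 45, 70, 55, 20, 80, 65, 35, 50, 75, 40, 60],
    "idle-agent":     [1, 2, 1, 1, 2, 1, 1, 2, 1, 1, 1, 2],
    "new-process":    [60, 60, 60],  # too few readings to judge
}


def steady_load_suspects(samples, min_mean=MIN_MEAN_CPU,
                         max_stddev=MAX_STDDEV, min_samples=MIN_SAMPLES):
    """Return (name, mean, stddev) for processes with high, flat CPU usage.

    High average load alone is not enough: bursty jobs such as backups or
    databases also average high but vary widely. The combination of a high
    mean and a small spread is the signal for throttled, long-term mining.
    """
    suspects = []
    for name, readings in samples.items():
        if len(readings) < min_samples:
            continue  # not enough history; keep collecting
        avg = mean(readings)
        spread = pstdev(readings)
        if avg >= min_mean and spread <= max_stddev:
            suspects.append((name, round(avg, 1), round(spread, 1)))
    # Highest sustained load first, so the busiest host process is reviewed first.
    return sorted(suspects, key=lambda s: s[1], reverse=True)


if __name__ == "__main__":
    for name, avg, spread in steady_load_suspects(SAMPLES):
        print(f"review {name}: mean={avg}% stddev={spread}%")
```

A match is only a reason to inspect the process with anti-virus tooling; legitimate fixed-rate workloads can produce the same pattern.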

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.251. By deploying any Hillstone Networks solution with the IPS function, the abnormal behavior of a mining zombie device can be quickly detected and effectively intercepted, preventing the server from being attacked.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description