
[Overview]

With the rise of virtual currency, a new type of attack, the mining Trojan, has quietly become prevalent. Unlike ransomware, which encrypts key user data, or virus Trojans, which destroy business systems, a mining Trojan has no obvious attack characteristics, which makes it difficult for users to detect. According to statistics, mining Trojans have become one of the attack methods hackers prefer.

[Mining Trojans Details]

As a new type of attack, mining Trojans are a product of the rise of virtual currency. Once a device is infected, it becomes a mining zombie device and mines automatically. Most mining Trojans monitor system resources and adjust themselves to hold CPU utilization at a stable threshold so that they can keep mining over the long term, resulting in problems such as slow operation, restarts, and increased power consumption.

Because mining Trojans lack overtly malicious behavior such as encrypting critical user data or damaging business systems, users often fail to associate these symptoms with a virus. This leads to large-scale infection of intranet devices in the enterprise and makes investigation difficult.

Do not underestimate the harm caused by mining Trojans. Once enterprise users are infected, it is difficult to prevent hackers from monitoring users and stealing their key data, or from establishing a connection with a C&C server to build a botnet and further damage the intranet.

[Suggestions]

Most mining Trojans are hidden in software cracks, tools, and plugins, so:

  • Download applications only from legitimate websites, and avoid visiting unknown websites.
  • For hosts suspected of being infected with a mining Trojan (high CPU utilization, heavy server resource usage, etc.), use professional anti-virus software to remove it.
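The stable CPU threshold described above can itself be used to shortlist hosts for a closer look. The following is an added example, not part of the original advisory and not Hillstone's detection logic: it looks for a long plateau of high, nearly flat CPU utilization per process. The thresholds, host names, process names and sample values are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (tune per environment; not from the original advisory).
FLOOR_PCT = 40.0   # a plateau must sit at or above this utilization
BAND_PCT = 8.0     # max spread (max - min) allowed inside a plateau
MIN_RUN = 12       # consecutive samples required, e.g. 12 x 5 min = 1 hour


def longest_plateau(values, floor=FLOOR_PCT, band=BAND_PCT):
    """Length of the longest run of consecutive samples that all stay
    at or above `floor` and within `band` points of each other."""
    best = start = 0
    for end, value in enumerate(values):
        if value < floor:
            start = end + 1          # a low sample ends any plateau
            continue
        # Drop samples from the left until the window's spread fits the band.
        while max(values[start:end + 1]) - min(values[start:end + 1]) > band:
            start += 1
        best = max(best, end - start + 1)
    return best


def suspects(samples, min_run=MIN_RUN):
    """samples: iterable of (host, process, cpu_percent) in time order.
    Returns {(host, process): plateau_length} for steady high-CPU series."""
    series = defaultdict(list)
    for host, proc, cpu in samples:
        series[(host, proc)].append(cpu)
    hits = {}
    for key, vals in series.items():
        run = longest_plateau(vals)
        if run >= min_run:
            hits[key] = run
    return hits


# Constructed samples at a fixed interval; all names and values are made up.
STEADY = [72, 74, 73, 75, 72, 74, 73, 72, 75, 74, 73, 72, 74, 73]  # throttled, flat
BURSTY = [5, 95, 10, 98, 3, 90, 7, 99, 4, 96, 8, 97, 6, 94]        # batch job
IDLE = [2, 3, 1, 2, 4, 2, 3, 1, 2, 2, 3, 2, 1, 2]
SAMPLES = [(h, p, v) for h, p, vals in [
    ("srv-01", "updater-helper", STEADY),
    ("srv-01", "nightly-report", BURSTY),
    ("srv-02", "sshd", IDLE),
] for v in vals]

if __name__ == "__main__":
    print(suspects(SAMPLES))
```

A hit is only a triage signal: legitimate long-running compute jobs produce the same shape, so a flagged process still needs to be checked against what is expected to run on that host.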

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.251. By deploying any Hillstone Networks solution with the IPS function, the abnormal behavior of a mining zombie device can be quickly detected and effectively intercepted, preventing the server from being attacked.

Threat Events Detected by Hillstone Solutions

Vulnerability Detail Description
