Adware Bundlers pushing CryptoCurrency Miners on Unsuspecting Victims

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this

Adware installers are out of control and with little or no law regulating them, the crap they push onto their victims is getting worse and worse.  Yesterday, while looking through a few adware installers I noticed a new offer called VNLGP Miner. Once I saw the word miner, I knew that this would install some sort of cryptocurrency miner on the poor unsuspecting victim’s computer.

On install, the installer performs a variety of checks to see if it should allow the miner to be installed.  One of the checks is to see if specific antivirus programs, listed below, are installed on the computer and if present to abort the install. As far as I am concerned, if a program will not install because an antivirus program is present, then that automatically raises a red flag.

Targeted Security Programs
AVG Avast DrWeb
K7 Antivirus 7.0 Malwarebytes McAfee
VIPRE Antivirus VIPRE Internet Security FortiClient
Panda Filseclab Twister Antivirus Avira
Baidu TrendMicro IKARUS
Symantec Endpoint Protection gData Nano

As this particular miner utilizes the computer’s graphics card, it then checks to see if a compatible one is installed. If it does not detect a compatible graphics card, it will once again abort the install.

If the computer has a nice juicy graphics card to take advantage of and no antivirus to detect the miner, the installer will install VNLGP into the %AppData%\VNLGP\VNLGP folder. It will also create a autorun so its starts every time the user logs into the computer. When launched, the miner will be set to use 70% of the graphics card’s power, which on high end cards has significant electrical consumption and heat generation.

The included configuration file, shown below, specifies how the miner should work when executed.  From the config file we see that it is connecting to a mining pool located at the hostpool50.poolminers.net and logs in with the username miner and password X. We also see that it is mining the Decred cryptocurrency.

VNLGP Miner Config
VNLGP Miner Config

Adware sucks, but what really sucks about this “offer” is that it could actually cause physical damage to a victim’s hardware.  When a user mines for cryptocurrency they know that their extended use will generate a lot of heat, use a lot of power, and diminish the life expectancy of their graphics card.  This is ok to them because they hope the revenue they earn from mining will offset the costs.

On the other hand, when an adware bundle installs a miner onto a victim’s computer without their knowledge they are essentially stealing. They are using the victim’s electricity, hardware, and generating heat in order to generate revenue for themselves at the expense of the victim.

If this is not illegal, it should be, yet companies get away with this crap because they use confusing language that most people do not read. These types of adware bundle offers have become an epidemic that is mostly ignored as it typically affects consumers or general computer users rather than the enterprise. Something needs to change when it comes to these types of programs.

Fuente:http://www.bleepingcomputer.com/

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this