Adware installers are out of control and with little or no law regulating them, the crap they push onto their victims is getting worse and worse. Yesterday, while looking through a few adware installers I noticed a new offer called VNLGP Miner. Once I saw the word miner, I knew that this would install some sort of cryptocurrency miner on the poor unsuspecting victim’s computer.
On install, the installer performs a variety of checks to see if it should allow the miner to be installed. One of the checks is to see if specific antivirus programs, listed below, are installed on the computer and if present to abort the install. As far as I am concerned, if a program will not install because an antivirus program is present, then that automatically raises a red flag.
|K7 Antivirus 7.0||Malwarebytes||McAfee|
|VIPRE Antivirus||VIPRE Internet Security||FortiClient|
|Panda||Filseclab Twister Antivirus||Avira|
|Symantec Endpoint Protection||gData||Nano|
As this particular miner utilizes the computer’s graphics card, it then checks to see if a compatible one is installed. If it does not detect a compatible graphics card, it will once again abort the install.
If the computer has a nice juicy graphics card to take advantage of and no antivirus to detect the miner, the installer will install VNLGP into the %AppData%\VNLGP\VNLGP folder. It will also create a autorun so its starts every time the user logs into the computer. When launched, the miner will be set to use 70% of the graphics card’s power, which on high end cards has significant electrical consumption and heat generation.
The included configuration file, shown below, specifies how the miner should work when executed. From the config file we see that it is connecting to a mining pool located at the hostpool50.poolminers.net and logs in with the username miner and password X. We also see that it is mining the Decred cryptocurrency.
Adware sucks, but what really sucks about this “offer” is that it could actually cause physical damage to a victim’s hardware. When a user mines for cryptocurrency they know that their extended use will generate a lot of heat, use a lot of power, and diminish the life expectancy of their graphics card. This is ok to them because they hope the revenue they earn from mining will offset the costs.
On the other hand, when an adware bundle installs a miner onto a victim’s computer without their knowledge they are essentially stealing. They are using the victim’s electricity, hardware, and generating heat in order to generate revenue for themselves at the expense of the victim.
If this is not illegal, it should be, yet companies get away with this crap because they use confusing language that most people do not read. These types of adware bundle offers have become an epidemic that is mostly ignored as it typically affects consumers or general computer users rather than the enterprise. Something needs to change when it comes to these types of programs.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.