Normally, each piece of malware has a specific purpose chosen by the attacker who writes it. Recently, mining software that uses the victim's hardware to mine cryptocurrency has become the trend, although the traditional Trojans, spyware and adware are still around; adware is software that displays unwanted advertisements on the victim's computer to generate revenue for the attacker.
A cyber security portal has reported UpdateChecker, a new malware that combines two payloads: a cryptocurrency miner that uses the CPU and GPU of the victim's computer to mine cryptocurrency, and adware that displays advertising on the victim's desktop every hour.
This malware reaches users through a fake Flash Player update. When the victim visits a web page set up by the attackers, it displays a message claiming that a new Flash update is available. Clicking it downloads a file to the computer; when executed, that file connects to a remote server controlled by the attackers and downloads the malware components. According to the researchers, it saves them in a directory named to look like a Windows Update folder so as not to arouse suspicion, and then executes them.
The malware consists of multiple files, but the most important one is the binary "updatechecker.exe", since it controls both the adware and the cryptocurrency miner. The malware also configures itself to start together with the system by creating a scheduled task named "WindowsUpdateChecker".
The miner uses the victim's device to mine cryptocurrency, while the adware focuses on displaying ads or referral links that produce revenue for the attackers.
Once a machine is infected, removal is difficult: the malware has persistence through the scheduled task, and it includes a watchdog function that automatically relaunches the process if it is terminated.
To remove this malware, the security researchers advise restarting the computer in Safe Mode, so that the malware is not started and can be removed, and then deleting the file "updatechecker.exe" found in the directory "%UserProfile%\AppData\Local\Microsoft\WindowsUpdate\". Since the scheduled task "WindowsUpdateChecker" is what relaunches the binary at startup, it should be deleted as well, or it will keep trying to run a file that no longer exists.
Once this binary is deleted, it is advisable to run an anti-malware scan to clean up any remaining components of the malware.
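As an added example, not code from the original article or from the researchers it cites, the following PowerShell script checks a machine for the indicators the article names (the scheduled task "WindowsUpdateChecker", the binary updatechecker.exe in the directory given above, and a running process of that name) and, when run with -Remove, removes them in the order that defeats the relaunch behaviour: unregister the task first, then stop the process, then delete the file. The -Remove parameter and the variable names are my own; the process name "updatechecker" is assumed from the binary's file name. Run it from an elevated PowerShell prompt, ideally in Safe Mode as the article advises.

```powershell
# Added example, not part of the original article: triage and removal of the
# UpdateChecker indicators named in the text. Without -Remove it only reports.
param(
    [switch]$Remove
)

# Indicators taken from the article; the directory is under the user profile, not
# the real Windows Update location.
$binaryPath  = Join-Path $env:USERPROFILE 'AppData\Local\Microsoft\WindowsUpdate\updatechecker.exe'
$taskName    = 'WindowsUpdateChecker'
$processName = 'updatechecker'   # assumed: Get-Process uses the image name without ".exe"

$findings = @()

# 1. Persistence: the scheduled task that starts the binary with the system.
$task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
if ($task) {
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
    $findings += "Scheduled task '$taskName' present (state: $($task.State)); action: $actions"
}

# 2. The dropped binary, hashed so the value can be used as an indicator elsewhere.
if (Test-Path -LiteralPath $binaryPath) {
    $hash = (Get-FileHash -LiteralPath $binaryPath -Algorithm SHA256).Hash
    $findings += "Binary present: $binaryPath (SHA256 $hash)"
}

# 3. A live copy of the controller process.
$procs = @(Get-Process -Name $processName -ErrorAction SilentlyContinue)
foreach ($p in $procs) {
    $findings += "Process running: $($p.ProcessName) (PID $($p.Id)) from $($p.Path)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No UpdateChecker indicators found.'
    return
}
$findings | ForEach-Object { Write-Output "[!] $_" }

if (-not $Remove) {
    Write-Output 'Re-run with -Remove to delete the task, stop the process and remove the binary.'
    return
}

# Removal order matters: with the task gone nothing relaunches the binary at
# startup, and with the process gone the file is no longer locked.
if ($task) {
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    Write-Output "Removed scheduled task '$taskName'"
}
if ($procs.Count -gt 0) {
    $procs | Stop-Process -Force
    Start-Sleep -Seconds 2
}
# The article notes the malware relaunches itself when killed; if a new copy
# appeared after the kill, the watchdog is still active and Safe Mode is needed.
if (Get-Process -Name $processName -ErrorAction SilentlyContinue) {
    Write-Warning 'updatechecker.exe restarted after being stopped; reboot into Safe Mode and re-run this script.'
    return
}
if (Test-Path -LiteralPath $binaryPath) {
    Remove-Item -LiteralPath $binaryPath -Force
    Write-Output "Removed $binaryPath"
}
Write-Output 'Done. Run a full anti-malware scan to clean up the remaining components.'
```

The script deliberately removes only the indicators the article documents; the other dropped files it mentions are left for the anti-malware scan, since their names are not given and guessing at them would risk deleting legitimate files.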
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in industry domains such as finance, healthcare and consumer products.