
Bird Miner

Posted: June 21, 2019

The Bird Miner is a cryptocurrency-mining Trojan that uses your hardware to generate Monero and other cryptocurrency coins. The threat is Linux-based but uses emulation to run in MacOS environments, and it may infect your computer after you download pirated software. Users should have anti-malware services ready to delete the Bird Miner and should avoid illicit download links, which are a traditional security risk.

Mining by Bird in Your Mac

The Bird Miner is a rare case of a MacOS-based Trojan, and doubly so for using a novel Linux-emulation method to run on the system. This software-emulation approach risks triggering various security solutions, which may reflect the threat actor's lack of familiarity with Mac software. However, the author isn't a novice: the Bird Miner's payload provides obfuscation features and significant support for other programs.

The Bird Miner's campaign dates back to at least February 2019, when it began circulating on a pirated-software domain, VST. The gigabytes-large installation file includes the cryptocurrency-mining Trojan, which uses components whose filenames it picks at random from a list. Malware experts also note that the Bird Miner includes several checks for analysis environments or for overtaxed CPU resources that would make the computer unsuitable for mining. In those cases, the Bird Miner doesn't deploy its entire payload.

If it does finish loading everything, the Bird Miner uses process-generating launch daemons to load separate executables, including Tiny Core for Linux emulation and XMRig, the well-known Monero-mining program. This last component uses a relatively lightweight, CPU-bound mining script that may avoid being noticed by a user at the keyboard, and it appears in other campaigns such as those of the PCASTLE Trojan and the Chinese Beapy.
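As an added defender-side illustration (not code from the Bird Miner campaign, from any vendor tool, or from this page), the following triages macOS launchd property lists for the pattern described above: a launch daemon that starts an emulator with a guest image and keeps it alive. The QEMU executable names and flags are assumed stock QEMU conventions rather than indicators from this campaign, and the two sample plists are constructed.

```python
"""Triage macOS launchd plists for an emulator-launched guest (Bird Miner runs Tiny Core
under QEMU). Added illustration, not Bird Miner's or any vendor's code; QEMU executable
names and flags are assumed QEMU conventions, not campaign indicators; samples are constructed."""
import os
import plistlib
import re

# Assumption: stock QEMU system-emulator naming. A renamed binary (Bird Miner
# picks component filenames randomly) defeats this check, so it is one signal only.
QEMU_NAME = re.compile(r"^qemu-system-[a-z0-9_]+$")
# Assumption: QEMU flags that attach a guest disk image; these survive renaming.
IMAGE_ARG = re.compile(r"^-(drive|hda|cdrom)$")
STANDARD_DIRS = ("/usr/", "/System/", "/Library/", "/Applications/")

def triage_launchd_plist(plist_bytes: bytes) -> dict:
    """Return label, findings and a verdict for one launchd plist (XML or binary)."""
    info = plistlib.loads(plist_bytes)
    args = info.get("ProgramArguments") or ([info["Program"]] if "Program" in info else [])
    exe = os.path.basename(args[0]) if args else ""
    findings = []
    if QEMU_NAME.match(exe):
        findings.append("launches a QEMU system emulator")
    if any(IMAGE_ARG.match(a) for a in args[1:]):
        findings.append("attaches a guest disk image")
    if info.get("RunAtLoad") and info.get("KeepAlive"):
        findings.append("persists via RunAtLoad + KeepAlive")
    if args and not args[0].startswith(STANDARD_DIRS):
        findings.append(f"executable outside standard locations: {args[0]}")
    # Two independent signals are required before a daemon is called suspicious.
    return {"label": info.get("Label", "?"), "findings": findings,
            "suspicious": len(findings) >= 2}

# Constructed samples: an emulator-launching daemon and a benign updater daemon.
SAMPLE_EMULATOR = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.constructed</string>
<key>ProgramArguments</key><array>
<string>/Users/Shared/.cache/qemu-system-x86_64</string>
<string>-drive</string><string>file=/Users/Shared/.cache/guest.img</string>
</array>
<key>RunAtLoad</key><true/><key>KeepAlive</key><true/>
</dict></plist>"""
SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array>
<string>/usr/local/bin/updater</string><string>--check</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""
```

Run `triage_launchd_plist` over the bytes of each file in `/Library/LaunchDaemons` to apply the same checks to a live system; the name check alone is weak against randomly named components, which is why the verdict needs two signals.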

Shooing a Bird Miner Off Its Perch

The Bird Miner can run multiple mining scripts simultaneously, which raises the stakes of an infection and can be responsible for notable hardware or performance issues. Although it's a rarity for XMRig-based attacks, a cryptocurrency-mining Trojan may even cause permanent damage through overheating from excessive mining. Users should respond to infections immediately to limit any damage from the Bird Miner, beyond the theoretical profits it earns its operators.

Its structural novelty isn't negligible, but the Bird Miner is likely to take over headlines for its infection strategy, too. The Bird Miner is compromising MacOS computers through VST downloads of pirated software such as Ableton Live 10 and other premium programs. Users of that website should avoid links to illicit downloads and scan any downloads that aren't implicitly safe, in order to identify and delete the Bird Miner preemptively.

Qemu-derived emulation, percentage-based CPU checks, and compartmentalized mining processes make the Bird Miner a fully fleshed-out mining operation. While its emulation strategy may be an Achilles heel, users can always do better than downloading illicit goods in the first place.
