
BlackSquid

Posted: June 4, 2019

Cryptomining malware is increasingly favored by threat actors because it generates money without raising many red flags while running quietly on infected systems. One of the latest crypto-mining Trojans to be seen in the wild goes by the name ‘BlackSquid,’ and its authors appear to use a long list of vulnerabilities and exploits to acquire new victims. In addition to exploiting various vulnerabilities, BlackSquid’s operators have implemented multiple checks to ensure that the software is not being executed in a controlled environment meant for malware analysis, a rather common feature of modern malware, since criminals take any opportunity to make the work of malware researchers harder.

The primary targets of the BlackSquid miner are Web servers, which is why it takes advantage of the EternalBlue and DoublePulsar exploits to transfer its files to other vulnerable machines on the same network as the infected system. This is not something new, as crypto miners have been used in combination with the leaked NSA exploits before; NRSMiner and WannaMine are just two examples of Trojan miners that use them.

BlackSquid also checks for vulnerabilities in several popular Web server software packages: Apache Tomcat, Rejetto HFS and ThinkPHP. Once the crypto miner is deployed successfully, it does not start mining immediately, in order to avoid sandboxes. The program checks for the presence of certain strings known to be used by popular virtual machine software. If it detects any matches, it terminates itself and avoids this target in the future.

If everything goes smoothly for the malware, it proceeds to plant a modified version of the XMRig miner that has been configured to work with a private mining pool and to send all generated coins to the attacker’s wallet. The cryptocurrency BlackSquid mines is Monero, so the infected computers end up spending most of their available CPU resources on this task.

Trojanized cryptocurrency miners are not harmful in themselves, but they may cause a loss of performance and shorten the lifespan of certain computer parts. Thankfully, you can deal with BlackSquid and similar threats easily by running a trustworthy anti-malware scanner.
