Home Malware Programs Worms CrazyCoin


Posted: March 20, 2020

CrazyCoin is a worm that includes features for collecting information, mining cryptocurrencies, and creating a backdoor for attackers. Its presence represents a significant risk to the user's privacy, hardware health, and control over their computer. Users should have anti-malware products remove CrazyCoin appropriately and establish robust network security for counteracting the threat's self-distribution.

Worms Providing Problems from All Angles

A Chinese worm that endangers most Windows PCs is showing all the drastic consequences of letting an infiltrator into your network, either by invitation or accident. CrazyCoin is, like many advanced threats, a multiple-component program that employs both custom and third-party code for its attacks. Overall, its payload's aims are, plainly, monetarily-focused, although the Trojan also couples its monetization scheme with some supporting espionage.

CrazyCoin uses a complex execution process involving a handful of executable, two of which pretend that they're Microsoft's Office or key management service. The downloading of the proper modules abuses Powershell scripts, with the consequences revealing themselves as multiple mining applications, spyware, and a long-term backdoor. Malware experts are isolating the following components of the CrazyCoin worm as especially damaging:

  • Like the Evasive Monero Miner, Clipsa, and others, the Trojan drops a version of XMRig for mining cryptocurrency.
  • However, unlike most XMRig-abusing Trojans, CrazyCoin also uses a second mining component, NBMiner.
  • The worm also possesses a component, 'aaaa.exe,' that searches for passwords and other confidential data before uploading it to the attacker's server.
  • It also listens on port 3611 for network communication from the attacker and may give them the equivalent of a backdoor – letting them change system settings, edit files, and use programs on the PC at will.

CrazyCoin also is classifiable as being a worm. It distributes itself through the NSA's EternalBlue exploit, which affects most versions of Windows, including Vista, Windows 7, 8.1, 10, and Server 2008. As a network traverser, it can spread throughout the local intranet and compromise other devices rapidly.

Cutting Back on the Crazy

Software patches are the first line of defense against CrazyCoin's spreading and will resolve the Server Message Block vulnerability of EternalBlue. Users also should keep the password-stealing functionality of CrazyCoin in mind and not depend overly on login-based forms of protection from the threat's circulation. While some of its elements are faking being Office software, malware experts trace most infections back to an initial, fake 'text' file, 'vip.txt,' which attackers could insert into e-mails or host on the Web.

Long-term CrazyCoin infections poise various hazards to users, whether in a work environment or a casual one. Mining cryptocurrency can instigate performance issues and even damage hardware through overheating. Stolen information may facilitate network-traversing attacks or become products for sale on the Dark Web. Backdoors also allow any number of additional attacks at the hacker's behest as long as an uninterrupted network connection is present.

While its origins suggest a Chinese threat actor, CrazyCoin is a problematic predator for any network that doesn't mind its lines of defense. With cryptocurrency, information, and even the computers themselves, being at stake, there's more reason than ever for users to isolate software-based infections just as fast as biological ones.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to CrazyCoin may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.