NRSMiner

Posted: January 14, 2019

NRSMiner Description

NRSMiner is a cryptocurrency-mining Trojan that uses your PC's hardware to generate Monero for a third party's account. NRSMiner spreads automatically by searching for vulnerable systems over local networks and includes advanced stealth features that hide it from casual sight. Have your anti-malware products delete NRSMiner immediately, double-check the security status of your LANs, and update all associated software to block any future exploitation through the same means.

Vietnam Becomes a Little More Blue

An update to the preexisting NRSMiner campaign is hitting Vietnam especially hard, with over half the verifiable infections coming from Windows systems in that country. However, other parts of Asia and the Middle East, ranging from China and Malaysia to Iran, are also struggling with unauthorized access to their networks for crypto-mining purposes. NRSMiner's update, like the DBGer Ransomware, the SkyFile Ransomware, or the competing Adylkuzz Crypto-Miner, leverages the EternalBlue exploit for its installations.

NRSMiner spreads by scanning over port 445 for any available machines that have yet to patch the EternalBlue SMB vulnerability, an exploit that owes its development to the United States' National Security Agency. It cements the attack with the DoublePulsar backdoor and uses slightly different installation methods for 32-bit versus 64-bit Windows PCs. As usual, malware experts find NRSMiner injecting its mining module into the preexisting svchost.exe process, which is present on all Windows machines, to hide while it mines.
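The port-445 scanning described above appears in network flow logs as one internal host contacting many distinct neighbours on port 445 within a short time. The following detector is an added example, not code from the original article; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_flows():
    """Constructed flow lines ("ISO-time src dst dport"); not real telemetry."""
    t0 = datetime(2019, 1, 14, 10, 0, 0)
    rows = []
    # Sweep: one host touches 8 different neighbours on 445 within 8 seconds.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.23", f"10.0.0.{i + 1}", 445) for i in range(8)]
    # Normal client: repeated sessions to a single file server.
    rows += [(t0 + timedelta(seconds=5 * i), "10.0.0.50", "10.0.0.5", 445) for i in range(10)]
    # Slow access: 6 distinct hosts, but 10 minutes apart.
    rows += [(t0 + timedelta(minutes=10 * i), "10.0.0.60", f"10.0.1.{i + 1}", 445) for i in range(6)]
    # Fan-out on a non-SMB port, ignored by the detector.
    rows += [(t0 + timedelta(seconds=i), "10.0.0.70", f"10.0.2.{i + 1}", 443) for i in range(8)]
    return [f"{ts.isoformat()} {src} {dst} {port}" for ts, src, dst, port in rows]


def parse_flow(line):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def smb_fanout(lines, window=timedelta(seconds=60), threshold=5, port=445):
    """Return {src: peak count of distinct destinations on `port` inside any
    sliding `window`} for every source whose peak reaches `threshold`."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport == port:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    print(smb_fanout(build_sample_flows()))
```

Counting distinct destinations rather than raw connections keeps a busy client of one file server from being flagged, while widening the window catches slower sweeps at the cost of more noise.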

The mining feature uses XMRig's code to create Monero cryptocurrency. While it does so, it may cause spikes in hardware temperature, low memory, and various performance issues. In extreme cases, prolonged cryptocurrency mining under unsafe setups, such as those that a remote attacker determines, may even cause hardware damage or reduce the lifespan of your CPU or GPU. Additionally, malware experts can verify that NRSMiner includes some limited data-exfiltrating features that may compromise logins and other credentials.

Collapsing NRSMiner's Tunnels of Free Money

NRSMiner is an excellent example of the critical importance of updating one's software regularly; a 2017-dated patch from Microsoft closes the EternalBlue exploit that the Trojan uses for installing itself. Until the patch is applied, users should disable SMBv1 as a stopgap measure. Since NRSMiner includes a self-updating feature, it may add new functionality that this article doesn't currently cover, although, for now, malware experts reaffirm the threat's focus on XMRig-based Monero mining as its primary feature.

Disabling network connectivity is essential for keeping NRSMiner from infecting new systems opportunistically. Although NRSMiner doesn't create an independent memory process and takes some steps to hide its executables inside Windows' core locations, most security and AV products should identify it adequately. Have your anti-malware programs eliminate NRSMiner before taking other steps to reevaluate the integrity of your network and hardware, as appropriate.

As already mentioned, NRSMiner is far from being the only threat using patchable exploits for purposes ranging from the theft of data to blocking your files to hijacking your processor. Attacks like those of NRSMiner should be prevented while that is still possible, lest their capacity for downloading self-fixes create less correctable problems in the future.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to NRSMiner may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
