Trojan.Agent.MNR
Posted: December 10, 2013
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 12,287 |
|---|---|
| Threat Level: | 5/10 |
| Infected PCs: | 80 |
| First Seen: | December 10, 2013 |
|---|---|
| Last Seen: | March 10, 2025 |
| OS(es) Affected: | Windows |
Trojan.Agent.MNR is a Trojan dropper that currently specializes in installing a non-consensual Bitcoin miner, which uses the resources of the affected PC for generating Bitcoin currency – potentially damaging the underlying hardware in the process. Malicious media player updates are at the root of Trojan.Agent.MNR's distribution, with the current Web domains being used for this purpose clearly squatted on for the purpose of attacking YouTube-related traffic. Due to the risks of permanent damage associated with unsafe Bitcoin miners, malware researchers urge you to use anti-malware tools to remove Trojan.Agent.MNR and its payload as fast as possible after any potential compromise of your PC.
Trojan.Agent.MNR: the Doorway for a Miner that Sees Gold in Your CPU
Bitcoin is seen as a 'safe' investment with a steadily rising value, to the point where even criminals have designed a sub-industry's worth of Trojans around that digital currency. Trojan.Agent.MNR is the instigator of one of the most recent attempts to distribute non-consensual Bitcoin mining programs, which may generate profit in exchange for the affected PC's resources. When used without appropriate safeguards, Trojan.Agent.MNR's Bitcoin miner, PUP.BitCoinMiner, has the potential to cause permanent damage to your computer's hardware. Trojan.Agent.MNR installs PUP.BitCoinMiner with the disguise of a fake Flash update in risky domains that already have been connected to similar attacks in past months of 2013.
Although the corrupted site that Trojan.Agent.MNR uses, ismos.pw, should be easily noticed as damaging, the owners appear to be using sub-domains that mask this site's true nature. By using sub-domains with URLs referencing Facebook and YouTube traffic, they make it appear as though visitors were redirected to a harmless subsidiary of a trusted website. The installation prompt for Trojan.Agent.MNR references a 'YouTube Player' update, while the actual file name merely calls Trojan.Agent.MNR an update for Adobe's Flash Player. When they're available, competent Web-browsing anti-malware programs should be able to detect Trojan.Agent.MNR's website and block Trojan.Agent.MNR before this attack can load.
Taking the Agent Down for the Count
The relative sophistication of the social engineering tactics behind Trojan.Agent.MNR's website makes it clear that personal education on appropriate Web-browsing behavior still is a more than necessary part of any safe PC user's toolkit. Never install updates for popular programs that don't originate directly from an official site or a link directly offered by such a site, and make an effort to identify potentially fraudulent or misleading sub-domains that could be used to obscure a site's Web address. If there's any reason to suspect an update of not being safe, malware experts recommend using anti-malware software to identify the installer file and verify its safety (or the lack of safety, if applicable).
Although Trojan.Agent.MNR only is a Trojan dropper whose attack begins and ends with the installation of other threats, Trojan.Agent.MNR's payload tends to have long term consequences for your computer. Using a professional anti-malware program for deleting Trojan.Agent.MNR, PUP.BitCoinMiner and any other PC threat tied to its attack is advised for the overall health of your PC. Other harmful campaigns also tied to Trojan.Agent.MNR's Web domain include phishing attacks for both Twitter and Facebook account details, with confirmed reports of substantial numbers of compromised accounts.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.