An aggressive form of malware designed to mine cryptocurrency is now crashing PCs when you try to remove it from the system. Dubbed “WinstarNssmMiner” by the 360 Total Security team, the malware essentially hijacks the target PC by consuming loads of processing power to mine the digital coins and attaching itself to the critical system services in Windows to prevent removal. “The distributor has made tremendous profit via mining Monero on infected computers,” the team said in a blog.
“According to our statistics, 360 Total Security has intercepted its attack over 500,000 times in 3 days.” What’s not clear is how victims end up with this malware in the first place. Presumably, though, they are opening files in emails or through social media.
Once it lands on a victim’s PC, it scans for antivirus software and will disable any solution not developed by Kaspersky, Avast, and other high-tier providers. If a high-profile antivirus solution is present, the malware doesn’t do anything while the antivirus software scans the file, avoiding detection. After that, the malware creates two system processes called “svchost.exe,” injects malicious code into these processes, and sets their attributes to “CriticalProcess.” One svchost process then begins to mine digital currency while the second svchost process keeps an eye on the installed antivirus software.
If the antivirus wakes up, both processes stop in their tracks to avoid detection. That said, antivirus software doesn’t detect the new malware. But the side effect of mining digital currency is that the process eats tremendous loads of CPU horsepower, slowing down victim PCs to an annoying crawl.
Device owners digging into the Task Manager will attempt to manually close the offending Service Host only to get the dreaded Blue Screen of Death. Ouch. The cryptocurrency miner is connected to four mining pools, which are groups of miners who share their processing power and split the coin stash based on their contribution. Read more from digitaltrends.com…
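A defender's triage of the behavior described above, as an added example that is not from the original article or from 360 Total Security. It assumes legitimate svchost.exe instances are started by services.exe from the Windows system directory; the snapshot records, field names, and CPU threshold are constructed for illustration.

```python
# Added example: triage svchost.exe entries in a process snapshot (defensive check).
import ntpath

# Assumption: Windows is installed on C:. SysWOW64 hosts 32-bit services on 64-bit systems.
EXPECTED_PATHS = {r"c:\windows\system32\svchost.exe", r"c:\windows\syswow64\svchost.exe"}

# Constructed sample snapshot; the field names are hypothetical, not a real tool's schema.
SNAPSHOT = [
    {"pid": 612, "ppid": 500, "name": "services.exe", "critical": True, "cpu": 0.3,
     "path": r"C:\Windows\System32\services.exe"},
    {"pid": 904, "ppid": 612, "name": "svchost.exe", "critical": False, "cpu": 1.2,
     "path": r"C:\Windows\System32\svchost.exe"},
    # The two entries below model the pair described in the article; parent 3980 has exited.
    {"pid": 4312, "ppid": 3980, "name": "svchost.exe", "critical": True, "cpu": 87.5,
     "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4320, "ppid": 3980, "name": "svchost.exe", "critical": True, "cpu": 0.4,
     "path": r"C:\Windows\System32\svchost.exe"},
]

def triage_svchost(snapshot, cpu_threshold=50.0):
    """Return findings for svchost.exe processes that do not look like real service hosts."""
    by_pid = {p["pid"]: p for p in snapshot}
    findings = []
    for proc in snapshot:
        if proc["name"].lower() != "svchost.exe":
            continue
        reasons = []
        parent = by_pid.get(proc["ppid"])
        if parent is None or parent["name"].lower() != "services.exe":
            reasons.append("parent is not services.exe")
        if ntpath.normcase(proc["path"]) not in EXPECTED_PATHS:
            reasons.append("unexpected image path")
        if not reasons:
            continue  # looks like a normal service host
        if proc["cpu"] >= cpu_threshold:
            reasons.append("high CPU, consistent with mining")
        # Ending a process marked critical crashes Windows, so record that for the
        # responder instead of recommending a kill from Task Manager.
        findings.append({"pid": proc["pid"], "reasons": reasons,
                         "kill_causes_bsod": proc["critical"]})
    return findings

if __name__ == "__main__":
    for finding in triage_svchost(SNAPSHOT):
        print(finding)
```

The critical flag is reported as a handling caution, not as an indicator on its own, and the parent and path checks are heuristics that need confirmation on the host.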