Users' devices can become infected with the cryptocurrency miner by downloading pirated copies of a type of audio software plugin interface called Virtual Studio Technology (VST). Once infected, LoudMiner then uses the compromised machines to mine cryptocurrency and the miner even has the ability to self-update through the use of Secure File Copy (SCP) with an embedded username and private SSH key.
- Businesses still aren't encrypting their removable devices
- IoT devices now top priority for cybercriminals
- Researcher exposes VirtualBox zero-day vulnerability
Senior malware researcher at ESET, Marc-Etienne M. Léveillé explained why LoudMiner targets systems running audio software, saying:
“LoudMiner targets audio applications, given the machines running these applications often have a higher processing power. These applications are typically complex and have a high CPU consumption, so users will not find this activity unusual. Using virtual machines instead of another leaner solution is quite remarkable, and is not something we have typically seen before.”
ESET has observed that LoudMiner has been in use since August 2018 and the firm recommends that users avoid downloading pirated copies of commercial software to protect themselves.
ESET also recommends that users should beware of popups from unexpected “additional” installers, higher CPU consumption, as well as new services and connections from curious domain names.
For more details on LoudMiner, you can read ESET's LoudMiner: Cross-platform mining in cracked VST software report.
- We've also highlighted the best antivirus