Trending

Premium WordPress Themes Download
Premium WordPress Themes Download
Download Premium WordPress Themes Free
Download Nulled WordPress Themes
free online course
download coolpad firmware
Download WordPress Themes Free
lynda course free download

Attackers Distribute new JavaScript-based Trojan MonsterInstall using Game Cheats

News
By Cybersecfill
MonsterInstall Trojan
662

Attackers have distributed new javascript based trojan in form of game cheats called MonsterInstall Trojan.

How was MonsterInstall Trojan Discovered?

The malware was discovered by Yandex which subsequently sent it over to Doctor Web’s research team for further analysis together with additional info on how the Trojan sample was distributed. The researchers were able to find that the Trojan — dubbed MonsterInstall — uses Node.js to execute itself on the victims’ machines.

How Does MonsterInstall Trojan Work?

MonsterInstall trojan will gain persistence by adding itself to the infected system’s autorun, in order to get automatically launched after the machine is rebooted.The downloader trojan also downloads the crypto mining module ‘xmrig.dll’ onto the infected system.

  • When users download the game cheat, they end up downloading a password-protected zip archive that contains an executable file.
  • Once launched, the executable file downloads the game cheat along with the MonsterInstall trojan components.
  • Once the trojan gets launched, it will gain persistence by adding itself to the infected system’s autorun, in order to get automatically launched after the machine is rebooted.
  • MonsterInstall then starts gathering system info and sends it to the C&C server controlled by the attacker.
  • The downloader trojan then downloads the crypto mining module ‘xmrig.dll’ onto the infected system.

The Cryptomining Module -TurtleCoin 

The cryptomining module loads the malicious executable ‘xmrig.exe’. The executable sends system information to its C&C server and gets back the miner configuration in the form of a JSON file.

Once the miner configuration file is loaded, it will automatically execute and start mining the TurtleCoin cryptocurrency.

Related Posts

#NOGOFALLMAGA RELEASES FREE eBOOK SNIPPET TO MARK 2020 SAFER INTERNET…

Inside Surebet247 Data Breach

Breach of Nigeria Data Protection Regulation by LIRS

“Developers of this malware own several websites with game cheats, which they use to spread the malware, but they also infect other similar websites with the same trojan. According to SimilarWeb’s statistics, users browse these websites at least 127,400 times per month,” Doctor Web researchers said.

This is not the first time gamers have been targeted by cybercriminals and it will most definitely not be the last. For instance, back in 2016, security researchers discovered a flurry of fake and booby-trapped money adders and cheat tools which would actually steal the gamers’ credentials.

Source Cyware Bleeping Computer
Cybersecfill

    Bringing Nigeria Cybersecurity News and security tips to your doorstep

    You might also like More from author

    Leave A Reply

    Your email address will not be published.

    >