Trending

Download WordPress Themes Free
Download WordPress Themes
Download Nulled WordPress Themes
Premium WordPress Themes Download
udemy paid course free download
download coolpad firmware
Download Premium WordPress Themes Free
online free course

Attackers Distribute new JavaScript-based Trojan MonsterInstall using Game Cheats

News
By Cybersecfill
MonsterInstall Trojan
346

Attackers have distributed new javascript based trojan in form of game cheats called MonsterInstall Trojan.

How was MonsterInstall Trojan Discovered?

The malware was discovered by Yandex which subsequently sent it over to Doctor Web’s research team for further analysis together with additional info on how the Trojan sample was distributed. The researchers were able to find that the Trojan — dubbed MonsterInstall — uses Node.js to execute itself on the victims’ machines.

How Does MonsterInstall Trojan Work?

MonsterInstall trojan will gain persistence by adding itself to the infected system’s autorun, in order to get automatically launched after the machine is rebooted.The downloader trojan also downloads the crypto mining module ‘xmrig.dll’ onto the infected system.

  • When users download the game cheat, they end up downloading a password-protected zip archive that contains an executable file.
  • Once launched, the executable file downloads the game cheat along with the MonsterInstall trojan components.
  • Once the trojan gets launched, it will gain persistence by adding itself to the infected system’s autorun, in order to get automatically launched after the machine is rebooted.
  • MonsterInstall then starts gathering system info and sends it to the C&C server controlled by the attacker.
  • The downloader trojan then downloads the crypto mining module ‘xmrig.dll’ onto the infected system.

The Cryptomining Module -TurtleCoin 

The cryptomining module loads the malicious executable ‘xmrig.exe’. The executable sends system information to its C&C server and gets back the miner configuration in the form of a JSON file.

Once the miner configuration file is loaded, it will automatically execute and start mining the TurtleCoin cryptocurrency.

Related Posts

Privilege Escalation Vulnerability Discovered in Trend Micro Password…

Hackers can Manipulate Media Files via Whatsapp and Telegram

25 Million Android Phones Infected with Malware Using WhatsApp

“Developers of this malware own several websites with game cheats, which they use to spread the malware, but they also infect other similar websites with the same trojan. According to SimilarWeb’s statistics, users browse these websites at least 127,400 times per month,” Doctor Web researchers said.

This is not the first time gamers have been targeted by cybercriminals and it will most definitely not be the last. For instance, back in 2016, security researchers discovered a flurry of fake and booby-trapped money adders and cheat tools which would actually steal the gamers’ credentials.

Source Cyware Bleeping Computer
Cybersecfill

    A Cybersecurity blog in Nigeria with focus on news, security tips articles and events

    You might also like More from author

    Leave A Reply

    Your email address will not be published.

    >