Find malicious code based on the sound of a computer fan
After noticing his computer's fan behaving unusually, a security engineer discovered that the device was accessing a website loaded with cryptocurrency mining malware.
“On Windows computers, the fan often spins at high speed when the CPU is doing heavy work or when the OS is being updated. But that day the fan suddenly started spinning, and after more than three minutes it was still running at full speed,” explained the security expert a bird, who shared the story on the WhiteHat forum.
Like other Windows users, he immediately opened the Process Explorer tool to check, but found no resource-consuming processes related to Windows Update. Instead, the Chrome browser process was consuming up to 50% of the CPU.
Digging further with the Chrome Task Manager tool, a bird found that the browser was connecting to the website Automatic mixing. It is a website that allows users to complete tasks or enter codes into websites to earn cryptocurrency. The strange thing is that he had never visited this site.
Using the DevTools tool and comparing against the websites he had previously opened, the engineer identified the other website he had visited. Once that page was loaded, a request was redirected to Automatic mixing.
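The DevTools comparison described above can be repeated on a saved network capture. The following is an added example, not code from the forum post: it reads a HAR export and, for every host the user did not open, follows redirects and Referer headers back to the page that triggered the request. The function names and all hosts are assumptions, and the sample capture is constructed.

```python
import json
from urllib.parse import urljoin, urlsplit

def _hdr(request, name):
    """Return a request header value from a HAR entry, or None."""
    for h in request.get("headers", []):
        if h["name"].lower() == name:
            return h["value"]
    return None

def trace_unexpected_hosts(har_text, opened_hosts):
    """Map every host the user did not open to the URL chain that led to it."""
    entries = json.loads(har_text)["log"]["entries"]
    parent = {}  # URL -> URL that caused it to be requested
    for e in entries:  # weaker evidence first: the Referer header
        ref = _hdr(e["request"], "referer")
        if ref:
            parent.setdefault(e["request"]["url"], ref)
    for e in entries:  # stronger evidence: an HTTP 3xx redirect overrides Referer
        resp = e["response"]
        if 300 <= resp["status"] < 400 and resp.get("redirectURL"):
            parent[urljoin(e["request"]["url"], resp["redirectURL"])] = e["request"]["url"]
    findings = {}
    for e in entries:
        url = e["request"]["url"]
        h = urlsplit(url).hostname or ""
        if h in opened_hosts or h in findings:
            continue
        chain = [url]
        while chain[-1] in parent and parent[chain[-1]] not in chain:  # stop on loops
            chain.append(parent[chain[-1]])
        findings[h] = chain[::-1]  # oldest cause first
    return findings

def _entry(url, status=200, redirect="", referer=None):
    """Build one constructed HAR entry with only the fields used above."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed sample; every host is a placeholder, not a site from the article.
PAGE = "https://blog.example/post"
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry(PAGE),
    _entry("https://blog.example/wp-content/a.js", 302, "https://pool.example.org/m.js", PAGE),
    _entry("https://pool.example.org/m.js", referer="https://blog.example/"),
    _entry("https://news.example.com/"),
]}})

if __name__ == "__main__":
    for host, chain in trace_unexpected_hosts(SAMPLE_HAR, {"blog.example", "news.example.com"}).items():
        print(host, "<-", " -> ".join(chain))
```

The chain's first element is the page to review or block; a host that appears here but was never opened by the user is the lead the engineer followed.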
“You can imagine part of the problem here. This website was used, and malicious code was injected to mine virtual currency. When I visited the website, the malicious code was executed directly in the browser to mine the virtual currency, causing the CPU fan to spin,” a bird concluded.
According to this member, there are two reasons why the website loads with malicious code. First, the site is based on WordPress 5.3.2, which is an older version and has many exploitable vulnerabilities. Second, the site administrator might have inserted the malicious code himself.
The technique of using malicious code to obtain virtual currency is also known as cryptojacking. Hackers distribute malicious code to computers and use the devices' resources to mine digital currencies. This type of malicious code does not harm the victim's data, but it consumes power, shortens device lifespan and is illegal.
Cryptojacking has been around in Vietnam for years. According to a 2018 Bkav report, more than 139,000 devices in the country were infected with the virtual currency mining software W32.AdCoinMiner. This type of attack has grown in popularity since many cryptocurrencies have surged in value over the past year.
According to International brand name, there are two main methods used by cryptojacking malware. One is to install stealth programs on the computer and run them unnoticed when the device is connected to the internet. The second is to exploit the victim's browser through scripts embedded in web pages. This case can be assigned to the second group.
Some of the telltale signs that a computer is infected with virtual currency mining malware are: abnormally high electricity bills, overheating, a slow or overloaded computer or router.