Experts at 360 Total Security have detected a new miner, WinstarNssmMiner, which is used to mine Monero. One feature of this malware is that "it turns off antivirus protection of defenseless foes and backs off when facing sharp swords. As a result, users without a decent antivirus product have to live with the slowness and the blue screens of their computers," the company's post reads.
According to the company's blog report, WinstarNssmMiner infects a computer with malicious code in svchost.exe. As a result, it creates two processes: the first does the mining, while the second runs in the background and monitors antivirus activity.
After that, the malware changes CriticalProcess, adding an attribute that allows it to crash the system.
Moreover, the study showed that the miner scans the infected computer for antivirus software. If powerful antivirus software such as Kaspersky or Avast is present, it suspends its activity. If the protective software is less effective, WinstarNssmMiner slows down the computer, causes a BSOD, or disrupts any work on the infected computer by using its capacity for mining.
According to the reports, this miner has carried out some 500,000 attacks, generating about $26,000 worth of Monero for its developers.