A new miner virus, BlackSquid, built to covertly mine the Monero cryptocurrency, has begun spreading actively, mainly on the devices of residents of the United States and Thailand. This was reported by cybersecurity experts from Trend Micro.
The virus spreads through malicious websites, servers, USB drives, and network drives. To do so, it uses EternalBlue and DoublePulsar, as well as the server vulnerabilities CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and three flaws in the ThinkPHP web application.
Interestingly, the virus installs itself only if it believes that it will remain unnoticed. If BlackSquid detects that it is running in a virtualization environment, or finds debugging tools, it does not run its malicious functions.
After infecting one computer, the virus spreads to other devices on the local network. It then downloads the XMRig miner and begins to mine cryptocurrency. If the program detects a video card in the system, it also starts mining coins using the GPU.
Information security specialists stress the importance of timely system updates. They also note that BlackSquid activity peaked last week, and that most cases of infection were recorded in the United States and Thailand.