With the rise in popularity of cryptocurrencies came a rise in cybercriminals finding ways to exploit it. The better-built cryptocurrency miners remain undetected by the victim and exploit the user's computer for as long as possible, guaranteeing maximum profit for the attackers.
The authors of the cryptocurrency miner discussed here, the BlackSquid miner, have made sure that their malware stays under the radar of cybersecurity researchers. They achieve this by implementing several tests that the BlackSquid miner performs on the system it lands on. The objective of these tests is to establish whether the infiltrated machine is a sandbox environment, which is decided based on whether the computer is running any malware debugging software. If the results show that the PC is, in fact, a sandbox environment, the BlackSquid miner ceases all activity and marks the computer so that it is avoided in the future.
However, if no malware debugging software is found, the BlackSquid threat begins its attack by checking which versions of the Rejetto HFS, Apache Tomcat, and ThinkPHP Web server applications are running, to determine whether it can exploit a potential vulnerability. Since the BlackSquid miner tends to target Web servers, the attackers have employed the leaked NSA exploits DoublePulsar and EternalBlue. These are used to propagate the threat's files to other potentially vulnerable systems on the same network. BlackSquid is programmed to mine the cryptocurrency Monero.
BlackSquid then deploys the attackers' variant of the open-source XMRig miner. The miner is configured to use a mining pool chosen by the perpetrators and to work with the wallet address they provide, ensuring that they are the sole recipients of the mined Monero coins.
Although the BlackSquid miner does not steal from its victims directly, it is still a harmful program. If it runs on an infected computer for a prolonged period, it is likely to reduce the lifespan of some hardware components considerably. However, if you download and install a legitimate anti-spyware application, you should be able to remove the BlackSquid miner from your system fairly easily.