BlackSquid

BlackSquid Description

As cryptocurrencies grew in popularity, cybercriminals found ways to profit from them. The better-built cryptocurrency miners remain undetected by the victim and use the victim's computer for as long as possible, guaranteeing maximum profit for the attackers.

The authors of the cryptocurrency miner discussed here, the BlackSquid miner, have made sure that their piece of malware stays under the radar of cybersecurity researchers. They have achieved this by implementing several tests that the BlackSquid miner performs on the system it lands on. The objective of these tests is to establish whether the infiltrated machine is a sandbox environment, which is decided based on whether the computer is running any malware debugging software. If the results show that the PC is, in fact, a sandbox environment, the BlackSquid miner ceases all its activity and marks the computer so that it will be avoided in the future.

However, if the tests for the presence of malware debugging software return negative, the BlackSquid threat begins its attack by checking which versions of the Rejetto HFS, Apache Tomcat, and ThinkPHP Web server applications are running, to determine whether it will be able to exploit a potential vulnerability. Since the BlackSquid miner tends to target Web servers, the attackers have also employed the leaked NSA exploits called DoublePulsar and EternalBlue, which are used to propagate the threat's files to the rest of the potentially vulnerable systems linked to the same network. BlackSquid is programmed to mine the cryptocurrency Monero.

The BlackSquid miner then proceeds to deploy the attackers' variant of the open-source XMRig miner. The miner is configured to use a mining pool preferred by the perpetrators, and it works with the wallet address they provide, ensuring that they are the sole receivers of the mined Monero coins.
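The pool and wallet configuration described above is also what makes a deployed miner visible to a defender: XMRig's command line carries the pool URL, the wallet address and mining-specific options. The following is an added example, not code from the original article or from any vendor, that scores process command lines for such indicators. The process list, pool host names and wallet strings are constructed placeholders, not indicators from any real BlackSquid sample; the flag names checked are XMRig's documented ones.

```python
import re
from typing import Dict, List

# Constructed sample of process command lines, as a host inventory or EDR
# telemetry export might list them. All values are made up; the pool hosts use
# the reserved .invalid TLD and the wallet strings are obvious placeholders.
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"C:\ProgramData\upd\xmrig.exe -o pool.example-pool.invalid:3333 -u 4PLACEHOLDERWALLET -k --donate-level=1 -B",
    "/usr/bin/python3 /opt/app/server.py",
    r"C:\Users\Public\m.exe --url=stratum+tcp://miner.example.invalid:5555 --user=PLACEHOLDERWALLET --pass=x --algo=rx/0",
    r"C:\Program Files\Apache Tomcat\bin\Tomcat9.exe //RS//Tomcat9",
    # A benign compiler invocation: "-o" alone must not trigger an alert.
    "/usr/bin/gcc -O2 -o build/app src/main.c",
]

# Each indicator on its own is weak (-o and -u are common flags), so a
# command line is only flagged when several indicators coincide.
MINER_INDICATORS = {
    # XMRig's own binary name; renamed copies miss this, hence the other checks.
    "binary_name": re.compile(r"(^|[\\/])xmrig(\.exe)?\b", re.IGNORECASE),
    # Stratum is the protocol mining pools speak.
    "stratum_url": re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE),
    # Pool and wallet in XMRig's command-line syntax (-o/--url, -u/--user).
    "pool_flag": re.compile(r"(?:^|\s)(?:-o|--url)[=\s]\S+", re.IGNORECASE),
    "wallet_flag": re.compile(r"(?:^|\s)(?:-u|--user)[=\s]\S+", re.IGNORECASE),
    # Options that only mining software uses.
    "mining_option": re.compile(
        r"--(donate-level|algo|coin|cpu-max-threads-hint|randomx-)", re.IGNORECASE
    ),
}


def match_indicators(cmdline: str) -> Dict[str, bool]:
    """Return which miner indicators appear in one command line."""
    return {name: bool(rx.search(cmdline)) for name, rx in MINER_INDICATORS.items()}


def classify(cmdline: str, threshold: int = 2) -> Dict[str, object]:
    """Flag a command line as a likely miner when it hits >= threshold indicators."""
    hits = [name for name, matched in match_indicators(cmdline).items() if matched]
    return {"cmdline": cmdline, "indicators": hits, "suspicious": len(hits) >= threshold}


def find_miners(process_list: List[str], threshold: int = 2) -> List[Dict[str, object]]:
    """Scan a list of command lines and return only the suspicious ones."""
    results = (classify(cmdline, threshold) for cmdline in process_list)
    return [r for r in results if r["suspicious"]]


if __name__ == "__main__":
    for finding in find_miners(SAMPLE_PROCESSES):
        print(f"[miner?] {finding['cmdline']}")
        print(f"         indicators: {', '.join(finding['indicators'])}")
```

Running the script flags the two miner-like lines (the XMRig binary and the renamed copy with stratum and wallet arguments) and leaves the service host, the Tomcat service and the compiler invocation alone. In practice a defender would pair this with sustained high CPU usage and outbound connections on pool ports, since a miner launched through a configuration file rather than command-line flags would show none of these strings.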

Although the BlackSquid miner does not steal from its victims directly, it is still a harmful program. If it runs on an infected computer for a prolonged period, it is likely to shorten the lifespan of some hardware components considerably. A legitimate anti-spyware application, once downloaded and installed, should be able to remove the BlackSquid miner from your system without difficulty.


