MassMiner Description

MassMiner is a threatening infection. MassMiner is a worm infection that is associated with a miner of digital currency. Worms like MassMiner are threats that are capable of spreading on their own from one computer to another. MassMiner is capable of spreading throughout a network or server to other computers and devices connected to an infected device. The first reports of MassMiner infections were received in October 2018.

How MassMiner is Being Delivered to Its Victims

Malware researchers have received reports that the Gh0st RAT is being used to deliver MassMiner to victims. A RAT (Remote Access Trojan) like this one may allow criminals to gain access to an infected computer and control it from a remote location, or carry out operations on the targeted device. Criminals use this access to install MassMiner and other malware on the targeted device, to use this malware to profit at the expense of the victim. There are many ways in which the victim's computer can be compromised, which may include brute force and social engineering tactics. For example, one common way in which MassMiner may be installed onto the victim's computer is through bogus documents delivered using social engineering campaigns. Malware analysts have reported several waves of MassMiner infections. MassMiner's initial wave of attacks runs on the victim's computer as 'Taskhost.exe' and uses open source components in its attack. The MassMiner worm installs XMRig on the victim's computer, a well-known digital currency miner that has been weaponized by criminals to take advantage of the victims' computers. MassMiner also will install the RAT mentioned above, allowing criminals to gain access to the infected computer. MassMiner infections are being used to mine Monero using the infected computer's resources.

Once MassMiner Infects a PC, It Can Infect Other Computers

One of the most harmful aspects of MassMiner is that once MassMiner is installed, MassMiner is capable of spreading throughout a network. MassMiner has been known to use a variety of exploits in its attack, often targeting Microsoft SQL servers. Once MassMiner has been installed, it copies itself to the Windows start folder and creates scheduled tasks, allowing MassMiner to run automatically. MassMiner will try to disable various security features in Microsoft SQL and in the Windows firewall to enable its attack. MassMiner identifies targets on the infected computer's network by using 'dialer.exe,' a custom implementation of Masscan, an open source program that is used to scan a network for devices connected to that network. It is important to note that this in itself is not an unsafe component, and it has numerous legitimate application.

How the Criminals Control a Computer Infected With MassMiner

MassMiner establishes a connection with Command and Control servers and uses encrypted data transfer to communicate with its controllers. MassMiner connects to a mining pool to carry out Monero transactions. Using the RAT associated with MassMiner, it can infect increasing numbers of computers and other devices, allowing them to raise their revenue from these attacks. Digital currency mining requires large amounts of processing power, and the more computers involved, the higher the profits. Because of this, a worm like MassMiner has the potential to generate large amounts of money at the expense of computer users. Computer users should take precautions against MassMiner and other malware to ensure that their networks and computer devices are safe from attacks. A security program and other security software should be installed and running non-stop. Any security software should be kept up-to-date regularly, and potential vulnerabilities should be monitored constantly to prevent these infections.