Sapphire Miner

Cybersecurity researchers have found the Sapphire Miner being offered for sale on underground hacker forums. Access to the threat can be obtained for just €75. As its name suggests, the threat is a miner that can take over the hardware resources of breached systems and use them to mine specific cryptocurrencies: Monero (XMR), ERGO, Ethereum Classic (ETC) and Ethereum (ETH).

The threat is equipped with several anti-detection features. It can bypass Windows Defender, hide its process from the system's Task Manager and avoid being uncovered by ProcessHacker tools. In addition, the Sapphire Miner sets itself to receive administrator privileges every time it is launched.

Which cryptocurrencies are mined depends on the available hardware resources of the infected device. If the system has less than 2GB of VRAM, the Sapphire Miner will mine only Monero coins. On computers with 3GB, the threat will generate coins for both Monero and ERGO. If there are 4 or 5GB of VRAM, the attackers can instruct the Sapphire Miner to use the resources for ETC + XMR or ERGO + XMR. Finally, on devices with 6GB or more of VRAM, the malware will mine for ETH + XMR.

The high utilization of the system's resources could result in certain applications and programs becoming unresponsive, freezing frequently or even crashing. More importantly, if the cooling system of the device becomes overwhelmed due to the excessive heat generated by the constantly utilized hardware parts, it could cause malfunctions or even permanent damage.

