Shadowsocks Miner Trojan

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 9,901
Threat Level: 90 % (High)
Infected Computers: 442
First Seen: October 10, 2017
Last Seen: September 17, 2023
OS(es) Affected: Windows

The Shadowsocks Miner Trojan is a detection name given to a program that is used for mining digital crypto-currencies like Monero, Dashcoin, DarkNetCoin and others. The Shadowsocks Miner Trojan is a CPU-reliant miner that is very similar to the Moloko CPU Miner and the Gplyra Miner that we covered earlier in 2017. The threat was discovered on October 10th, 2017. Computer security researchers warn that the Shadowsocks CPU Miner may be deployed to systems via software bundles and manual hacking of targeted computers. The Shadowsocks Miner Trojan has been observed to hijack a little more than 70% of the compromised system's resources for its needs. Signs that may point to an infection with the Shadowsocks Miner Trojan include:

  • Window resizing may be slow.
  • Games may not run smoothly.
  • Videos may stutter and open more slowly.
  • Program launching may be delayed.

The Shadowsocks Miner Trojan appears to use a modified copy of the Shadowsocks open-source proxy service for its network communications. This allows the creator of the Shadowsocks Miner Trojan to hide the source of commands sent to the Trojan. Researchers reported that the Shadowsocks Miner Trojan might be listed as 'Websock.exe' in the Task Manager and feature the description 'CPU Utility.' Soon after 'Websock.exe' is loaded, users may notice a second process dubbed 'Service.exe,' which has the description 'taskxmr.' Both processes are connected to the Shadowsocks Miner Trojan and serve as a communication module and the engine that handles the digital mining operations.
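
The two process name and description pairs reported above are best checked together rather than by name alone, because 'Service.exe' is a generic file name that unrelated software also uses. The PowerShell below is an added example, not code from the original article; the function name, the confidence labels and the sample rows are assumptions made for illustration.

```powershell
# Added example (not the article's code). Indicator pairs are the Task Manager
# name/description values quoted above; Get-Process reports names without ".exe".
$Indicators = @(
    [pscustomobject]@{ Name = 'Websock'; Description = 'CPU Utility' }
    [pscustomobject]@{ Name = 'Service'; Description = 'taskxmr' }
)

function Find-MinerIndicator {
    param(
        # Objects exposing Id, ProcessName, Description and Path (live processes by default).
        [object[]]$Process = (Get-Process)
    )
    foreach ($p in $Process) {
        foreach ($i in $Indicators) {
            $nameHit = $p.ProcessName -ieq $i.Name
            $descHit = $p.Description -ieq $i.Description
            if (-not ($nameHit -or $descHit)) { continue }
            # Triage labels are this example's own convention, not the article's.
            if ($nameHit -and $descHit) {
                $confidence = 'High: name and description match'
            } elseif ($descHit) {
                $confidence = 'Medium: description only (renamed file?)'
            } else {
                $confidence = 'Low: name only'
            }
            [pscustomobject]@{
                Id          = $p.Id
                ProcessName = $p.ProcessName
                Description = $p.Description
                Path        = $p.Path
                Confidence  = $confidence
            }
        }
    }
}

# Constructed sample rows (IDs and paths are made up) so the logic can be read offline.
$sample = @(
    [pscustomobject]@{ Id = 4120; ProcessName = 'Websock'; Description = 'CPU Utility'; Path = 'C:\example\Websock.exe' }
    [pscustomobject]@{ Id = 4188; ProcessName = 'Service'; Description = 'taskxmr'; Path = 'C:\example\Service.exe' }
    [pscustomobject]@{ Id = 912; ProcessName = 'Service'; Description = 'Vendor Update Service'; Path = 'C:\example\vendor\Service.exe' }
    [pscustomobject]@{ Id = 5300; ProcessName = 'helper'; Description = 'taskxmr'; Path = 'C:\example\helper.exe' }
)
Find-MinerIndicator -Process $sample | Format-Table -AutoSize
# On a live host: Find-MinerIndicator | Format-Table -AutoSize
```

On a live host, `Description` and `Path` can come back empty for processes the current user cannot open, so run the check from an elevated session.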

The rise in prices for Bitcoin and other digital currencies, as well as the expanding support for digital payments recorded from February 2017 to September 2017, may explain why we are seeing many new Trojan miners on the threat landscape. It is not surprising that threat creators may seek to take advantage of the modern-day "Gold fever" and use spam emails, zero-day exploits and fake software updates to spread programs like the Shadowsocks Miner Trojan. It is recommended that PC users employ the services of a reputable anti-malware solution that can prevent Trojan miners from hijacking their system resources for the benefit of Black Hat hackers.