WinstarNssmMiner Cryptojacking

When we talk about the WinstarNssmMiner Cryptojacking you may ask what is crypto-jacking and a good answer to that is given by Hackerbits.com:

"Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency. Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency. Here’s the bad news… In-browser cryptojacking doesn’t need a program to be installed."

WinstarNssmMiner is categorized as a CPU Miner Trojan that is using the processing power of compromised PC users to earn money for its admins. However, the WinstarNssmMiner Trojan behaves a little different from Minergate and the Team.exe CPU Miner that we have already covered. WinstarNssmMiner is programmed to connect to mining pools via untrusted domains and run two processes on the infected computers.

Researchers reported that the WinstarNssmMiner Trojan loads a corrupted version of ‘svchost.exe’ that is used to hijack processing power and mine for Monero (XMR). There is a second process also named ‘svchost.exe,’ which has a very different purpose. The WinstarNssmMiner has shown that it can crash Windows systems when users and AV engines attempt to delete it and quarantine it.

Lab tests have confirmed that WinstarNssmMiner is scanning computers actively for some AV engines that can interfere with its work and utilizes the process attribute "CriticalProcess" so that it can crash host machines if removal attempts are made.PC users may be infected through pirated software and phishing emails that include an attached PDF file. It is recommended to eliminate the WinstarNssmMiner Trojan by booting in Safe Mode on Windows and using a reputable cybersecurity product.