XMRig

PC security researchers have received reports of infections involving XMRig, which shows up on a computer and is then very difficult to remove. This may be due to an association between XMRig and a rootkit threat, which tends to make it very difficult for computer users and traditional anti-malware software to combat. Specifically, XMRig is a miner, a type of threat used to make money at the expense of computer users by using their infected computers to mine Monero, a cryptocurrency. XMRig can cause a computer to overheat and perform poorly, since it consumes system resources, taking them away from the victim. PC security researchers advise computer users to use a reliable security program with anti-rootkit capabilities when dealing with threats like XMRig.

How Threatening is XMRig

Monero and Bitcoin miners are not necessarily unsafe, since cryptocurrencies like these are generated by using miners to monetize a computer's processing time and resources. However, con artists make money from miners by covertly installing them on victims' computers and using the victims' resources to mine cryptocurrency while keeping all the profits for themselves. XMRig runs as an executable file named XMRig32.exe on the victim's computer. The Monero miner is freely available online, and computer users can download it to mine cryptocurrency for themselves (however, since it uses so many resources, this is typically not profitable for the average computer user). Once XMRig is installed, it takes up a large amount of the computer's processing power, in many cases more than 80% of the GPU and CPU resources of the affected computer. XMRig carries out currency transactions that generate Monero, but it also causes the affected computer to consume more power, run at hotter temperatures, and exhibit various other issues, which can shorten the computer's life and make it very difficult to use effectively.

How XMRig is Abused by Con Artists

While anyone can download and use XMRig to generate Monero, con artists can create custom versions of XMRig to carry out their own attacks. Programmers can modify the main XMRig executable file so that, once it is installed on other computer users' systems, it relays any profits and generated currency to the con artists. By compromising numerous computers with XMRig, the con artists can make large amounts of money at the expense of computer users, leveraging the combined power of many computers infected simultaneously. XMRig may also be used in conjunction with other threats to attack a computer more effectively or to make XMRig more difficult to remove. For example, XMRig may be used together with rootkits to prevent computer users from observing and removing it with traditional anti-malware software. XMRig will be installed in the following directory:

C:\Users\Cyphred\AppData\Roaming\AppDat

The files that have been associated with various XMRig attacks and infections include:

Qt5Network.dll
cudart64_60.dll
d.bat
dhide.vbs
esso.bat
example32.cmd
libcrypto-1.0.0.dll
msvcr110.dll
qt5core.dll
qwindows.dll
start64.exe
system.exe
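
Several of the listed names (the Qt, CUDA, OpenSSL and Visual C++ runtime DLLs) also ship with legitimate software, so a single match proves little. The following Python example, added here and not part of the original article, flags only directories where a listed script or executable name sits next to other listed names; the split into `SHARED_LIBS` and `LAUNCHERS`, the `min_hits` threshold and the sample paths are assumptions of this example.

```python
import os
from collections import defaultdict
from pathlib import PureWindowsPath

# File names taken from the list on this page, lower-cased for matching.
# Runtime libraries that legitimate software also ships (Qt, CUDA, OpenSSL, MSVC).
SHARED_LIBS = {"qt5network.dll", "cudart64_60.dll", "libcrypto-1.0.0.dll",
               "msvcr110.dll", "qt5core.dll", "qwindows.dll"}
# Script and executable names from the same list, plus the miner binary name
# the page mentions (XMRig32.exe). This grouping is an assumption of the example.
LAUNCHERS = {"d.bat", "dhide.vbs", "esso.bat", "example32.cmd",
             "start64.exe", "system.exe", "xmrig32.exe"}

def triage(paths, min_hits=2):
    """Group paths by directory and return {directory: sorted matched names}
    for directories holding a launcher name and at least min_hits listed names."""
    by_dir = defaultdict(set)
    for p in paths:
        wp = PureWindowsPath(p)          # parses Windows paths on any OS
        name = wp.name.lower()           # Windows file names are case-insensitive
        if name in SHARED_LIBS or name in LAUNCHERS:
            by_dir[str(wp.parent).lower()].add(name)
    return {d: sorted(n) for d, n in by_dir.items()
            if n & LAUNCHERS and len(n) >= min_hits}

def walk(root):
    """Yield every file path under root (for use on a live system)."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(dirpath, f)

# Constructed sample listing (not from a real host).
SAMPLE = [
    r"C:\Program Files\SomeQtApp\Qt5Core.dll",
    r"C:\Program Files\SomeQtApp\Qt5Network.dll",
    r"C:\Program Files\SomeQtApp\msvcr110.dll",
    r"C:\Users\alice\AppData\Roaming\Example\dhide.vbs",
    r"C:\Users\alice\AppData\Roaming\Example\d.bat",
    r"C:\Users\alice\AppData\Roaming\Example\libcrypto-1.0.0.dll",
    r"C:\Windows\Temp\system.exe",
]

if __name__ == "__main__":
    for directory, names in triage(SAMPLE).items():
        print(directory, names)
```

On a live system, pass `walk(root)` for a user profile directory instead of `SAMPLE`; a hit is a lead for further inspection, since file names alone are easy to change.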

Modified versions of XMRig may be disguised as Internet Explorer updates or similar software. Computer users may observe their computers running poorly and erratically, but may not know enough about these threats to understand the reason for the poor performance. If your computer has been compromised by XMRig, it is important to ensure that your anti-malware program can both detect the rootkits used to aid XMRig in its attack and identify and block the IP addresses associated with XMRig cryptocurrency mining, which XMRig may use on the infected computer to communicate with its Command and Control server and allow the con artists to access the profits of the attack.
