
Trojan Disguised as Trend Micro Component Drops Bitcoin-Mining Malware

  • Posted on:December 7, 2012 at 1:17 pm
  • Posted in:Malware
  • Author:
    Julian Ponce (Threat Response Engineer)

Malware writers have devised many social engineering tactics to lure users into their schemes. This time around, we saw a Trojan passing itself off as a Trend Micro component as a way to trick users into downloading and executing it.

We recently encountered a file and noticed the following properties (see below). To the untrained eye, this file can be mistaken for a Trend Micro product or component, but during our analysis we verified that it is a Trojan in disguise. We believe that by spoofing Trend Micro properties, the people behind this threat are hoping to trick unwitting users into executing the file. This malware is already detected by Trend Micro as TROJ_RIMECUD.AJL.

When a user executes TROJ_RIMECUD.AJL, it creates a svchost.exe process and injects its malicious code into it. Once done, the malware downloads a component package (refer to Figure 2).

This downloaded package contains a bitcoin miner application created by Ufasoft. We detect this bitcoin miner as HKTL_BITCOINMINE.

Bitcoin is considered a digital currency and can be used to pay for certain transactions online. This attack is timely because of the news that Bitcoin Central has been legally approved to function as a bank, so exchange between euros and bitcoins is now possible.

Over the past few years, there have been cases in which systems were infected with Bitcoin-mining malware, turning them into unwilling “miners”. These systems then churn out bitcoins for the benefit of the bad guys while the affected users are left in the dark. Besides generating profit for its authors, this malware consumes a large share of the system’s resources. If the system suddenly slows down, check your running processes and look for unknown running applications; the slowdown may be caused by a Bitcoin-mining infection.
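As an added example (not part of the original post), the following PowerShell script turns the two checks described above into something an administrator can run: it walks the running processes and flags any executable whose version metadata claims a vendor (the `'Trend Micro'` pattern is an assumption used for illustration) without a valid Authenticode signature from that vendor, and it lists svchost.exe instances whose parent is not services.exe, which is where a legitimately started svchost.exe normally comes from.

```powershell
# Added example, not Trend Micro's own tooling. Requires Windows PowerShell 5.1+.
$ClaimedVendorPattern = 'Trend Micro'   # assumed vendor string to check for

function Test-VendorClaim {
    # Compare what a file *says* about its vendor (VersionInfo) with what its
    # Authenticode signature actually proves. Spoofed properties show up as
    # a vendor claim that is not backed by a valid signature from that vendor.
    param([Parameter(Mandatory)][string]$Path)
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $claimsVendor = ($info.CompanyName -match $ClaimedVendorPattern) -or
                    ($info.ProductName -match $ClaimedVendorPattern)
    $signedByVendor = ($sig.Status -eq 'Valid') -and
                      ($sig.SignerCertificate.Subject -match $ClaimedVendorPattern)
    [pscustomobject]@{
        Path        = $Path
        CompanyName = $info.CompanyName
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Suspicious  = $claimsVendor -and -not $signedByVendor
    }
}

function Get-OrphanSvchost {
    # A genuine svchost.exe is started by services.exe; any other parent is
    # worth a closer look (the Trojan above spawns its own svchost.exe to inject into).
    $procs = Get-CimInstance Win32_Process
    $byId  = @{}; foreach ($p in $procs) { $byId[$p.ProcessId] = $p }
    foreach ($p in $procs | Where-Object { $_.Name -ieq 'svchost.exe' }) {
        $parent = $byId[$p.ParentProcessId]
        if (-not $parent -or $parent.Name -ine 'services.exe') {
            [pscustomobject]@{ Pid = $p.ProcessId; Path = $p.ExecutablePath
                               ParentPid = $p.ParentProcessId; Parent = $parent.Name }
        }
    }
}

"== Executables claiming '$ClaimedVendorPattern' without a matching valid signature =="
Get-Process | Where-Object { $_.Path } | Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Test-VendorClaim -Path $_ } |
    Where-Object Suspicious |
    Format-Table Path, CompanyName, SigStatus, Signer -AutoSize

"== svchost.exe instances not started by services.exe =="
Get-OrphanSvchost | Format-Table -AutoSize
```

Processes whose path cannot be read (protected or elevated processes when the script runs unelevated) are skipped by the first check, so run it from an elevated prompt for full coverage.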

To avoid becoming a victim of this scheme, users must be extra cautious when downloading applications and files found on the Internet. Better yet, refrain from visiting unknown websites and from clicking ads or shortened URLs contained in email messages from unverified sources.

To know more about the threat that certain bitcoin mining apps pose, check out our previous blog posts below:

  • Cybercriminals Have Their Eyes Set on Bitcoin
  • BitCoin Mining Botnet Found with DDOS Capabilities
  • Malicious Links on Twitter lead to Bitcoin-mining
  • TDL4 Worm Component Employs Bitcoin Mining

The Trend Micro Smart Protection Network™ detects and deletes TROJ_RIMECUD.AJL and HKTL_BITCOINMINE if they are found on a user’s system.
