Block SilentCryptoMiner malware that is designed to secretly mine cryptocurrency #770

Status: Closed (1 task done)
Labels: Code Update, enhancement (New feature or request), FINSIHED, Priority: Medium, Testing - Passed

Comments

summercms commented Mar 9, 2025

Enhancement idea

  • Block SilentCryptoMiner malware that is designed to secretly mine cryptocurrency.

Description

Summary

A mass malware campaign infected over 2,000 users in Russia with a miner disguised as a tool for bypassing blocks based on deep packet inspection (DPI). The campaign used a popular YouTube channel with 60,000 subscribers to distribute the malware, which was disguised as a legitimate tool for bypassing restrictions. The malware, called SilentCryptoMiner, is a covert miner that mines multiple cryptocurrencies using various algorithms. The campaign also used Telegram and other YouTube channels to distribute the malware.

Key Points

  • Over 2,000 users in Russia were infected with the malware
  • The malware was disguised as a tool for bypassing blocks based on DPI
  • A popular YouTube channel with 60,000 subscribers was used to distribute the malware
  • The malware is a covert miner that mines multiple cryptocurrencies
  • The campaign also used Telegram and other YouTube channels to distribute the malware

SilentCryptoMiner

SilentCryptoMiner is a type of malware that is designed to mine cryptocurrency without the user's knowledge or consent. It is a covert miner that uses the computing power of the infected device to mine multiple cryptocurrencies, including Ethereum (ETH), Ethereum Classic (ETC), Monero (XMR), and others.

Key Features

  • Stealthy operation: SilentCryptoMiner is designed to operate secretly, without the user's knowledge or consent.
  • Cryptocurrency mining: The malware uses the computing power of the infected device to mine multiple cryptocurrencies.
  • Process hollowing: SilentCryptoMiner employs process hollowing to inject the miner code into a system process (in this case, dwm.exe).
  • Remote control: The malware can be controlled remotely via a web panel.
  • Virtual-environment checks: SilentCryptoMiner checks for indicators of running in a virtual environment and checks the size of its own executable, which must be at least 680 MB and no more than 800 MB.

Detection and Removal

SilentCryptoMiner is a type of malware that can be difficult to detect and remove. It is recommended to use anti-virus software and other security tools to detect and remove the malware.

Screenshots

n/a

Links

https://securelist.com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

9x9o.com
canvas.pet
gitrok.com
swapme.fun

Package Names

n/a

IPs

150.241.93.90
193.233.203.138

ASNs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a
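An added example, not part of this issue or the project's code: Python triage heuristics that combine the behaviour described under Key Features (miner code hollowed into dwm.exe, the 680-800 MB self-size check) with the domain and IP indicators listed above, run over constructed process records. The `Proc` record layout, the sample process names and paths are assumptions made for illustration; the parent-process rule relies on the legitimate Desktop Window Manager normally being started by winlogon.exe.

```python
# Added example (not from the issue): triage heuristics derived from the
# SilentCryptoMiner behaviour described above, applied to constructed records.
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the issue's Domains and IPs lists.
IOC_DOMAINS = {"9x9o.com", "canvas.pet", "gitrok.com", "swapme.fun"}
IOC_IPS = {"150.241.93.90", "193.233.203.138"}

MB = 1024 * 1024
PAD_MIN, PAD_MAX = 680 * MB, 800 * MB   # size window the miner enforces on itself
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")

@dataclass
class Proc:                      # assumed record layout (e.g. from an EDR export)
    pid: int
    name: str
    image: str                   # on-disk path of the executable
    parent_name: str
    size_bytes: int
    remote: Optional[str] = None # remote host or IP of an open connection, if any

def domain_blocked(host: str) -> bool:
    """True if host equals an IOC domain or is a subdomain of one (no substring matches)."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in IOC_DOMAINS)

def triage(p: Proc) -> List[str]:
    findings = []
    # A hollowed dwm.exe keeps the legitimate image path, so check lineage instead:
    # the genuine Desktop Window Manager is normally started by winlogon.exe.
    if p.name.lower() == "dwm.exe" and p.parent_name.lower() != "winlogon.exe":
        findings.append("dwm.exe with unexpected parent (possible hollowing)")
    # The miner checks that its own file is 680-800 MB; such oversized binaries
    # outside trusted system locations are worth a closer look.
    if PAD_MIN <= p.size_bytes <= PAD_MAX and not p.image.lower().startswith(TRUSTED_PREFIXES):
        findings.append("padded executable in 680-800 MB window")
    if p.remote and (p.remote in IOC_IPS or domain_blocked(p.remote)):
        findings.append(f"connection to IOC {p.remote}")
    return findings

def report(procs: List[Proc]) -> dict:
    """Map pid -> findings for every process that triggered at least one rule."""
    return {p.pid: triage(p) for p in procs if triage(p)}

# Constructed sample inventory: one clean dwm.exe, one suspicious dwm.exe, one padded dropper.
SAMPLE = [
    Proc(1200, "dwm.exe", r"C:\Windows\System32\dwm.exe", "winlogon.exe", 90_000),
    Proc(4412, "dwm.exe", r"C:\Windows\System32\dwm.exe", "explorer.exe", 90_000, "swapme.fun"),
    Proc(5120, "bypass-dpi.exe", r"C:\Users\u\Downloads\bypass-dpi.exe", "explorer.exe", 700 * MB, "150.241.93.90"),
]
```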
