Feedly:Fortinet Blog | News and Threat Research - All Posts. Obfuscated Bitcoin Miner Propagates Through FTP Using Password Dictionary

from Fortinet Blog | News and Threat Research - All Posts

Although bitcoin miners have been used by cybercriminals before as a way to monetize their malicious activities, this recent sample (MD5: 522f8ba8b2dec299cc64c0ccf5a68000) caught our attention because it is unusually heavy, persistent, and obfuscated. Fortinet detects this threat as W32/Miner. (3)Threat DescriptionThis malicious bitcoin miner is, in fact, a container of multiple files. Since NSIS (Nullsoft Scriptable Install System) was used to create the malware sample, the files that it contains can be seen using a file archiver such as 7-Zip....