KingMiner, Monero-Mining Malware, Uses Evolution to Bypass Security Measures, Research Firm Finds

Improvise. Adapt. Overcome.

This military mantra has rung true on the KingMiner cryptojacker as research firm Check Point Research found that the cryptocurrency mining malware constantly changes to avoid detection by many security software.

The report explained that KingMiner—a malware specialized for mining GPU-friendly privacy coin Monero (XMR)—uses “simple evasion techniques” to bypass security measures employed by the cryptojacking victim’s desktop PC.

Cryptojacking is a malicious attack in which hackers use the computing power of an infected computer to mine cryptos without the knowledge of the owner.

The research firm suggested that KingMiner uses a private mining pool to avoid detection of security software. In addition, since the malware was first noticed in June 2018, KingMiner has included new features and methods in eluding recognition by anti-malware programs.

Most of KingMiner’s targets are from all across the world, including Mexico, India, Norway, and Israel.

Check Point Research said:

“Since its first appearance… the malware continuously adds new features and bypass methods to avoid emulation. In addition, as part of the malware’s ongoing evolution, we have found many placeholders for future operations or upcoming updates which will make this malware even harder to detect.”

The firm added that the use of similar evasion methods would continue to evolve in 2019.

Cryptojackers have used different methods of secretly and illegally mining cryptos as of late. Just this November, a cryptojacking malware was detected on a non-profit organization’s website stealing the computing power of innocent visitors.

| Related: Make-A-Wish Website Visitors Compromised by Crypto Mining Malware