BlackSquid Malware Exploiting Web Servers to Mine Monero (XMR)

Per the researchers, the malware uses “multiple web server exploits as well as brute strength” to compromise its hosts. Reportedly, BlackSquid has several features that make it particularly dangerous and hard to analyze.

The malware ships with anti-virtualization, anti-debugging, and anti-sandboxing checks: if it detects a virtual machine, an attached debugger, or a sandbox on the target, it stops installing itself rather than reveal its behavior to an analysis environment.

BlackSquid also carries several well-known exploits, including EternalBlue, which targets a flaw in the Windows SMB 1.0 (SMBv1) server (patched by Microsoft in MS17-010) and lets an attacker execute arbitrary code on an unpatched machine over the network.

Once BlackSquid lands on a machine, it pauses before acting and checks whether the host shows signs of a known hardware emulator or analysis sandbox, looking for indicators such as the names Avira and wilbert-sc, which would suggest it is being observed and could be blocked.
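The checks described in the two paragraphs above (environment fingerprinting, then abort on a hit) are easiest to understand from the defender's side: the same logic, run against your own sandbox image, lists the giveaways that let a sample like this refuse to detonate. The following is an added example written for this page, not code from BlackSquid or from the researchers; the indicator lists are assumptions drawn from commonly known analysis-environment tells, not the malware's actual lists.

```python
"""Audit a host profile for the sandbox/VM giveaways that anti-analysis malware
checks before deciding whether to run.

Added example for this article; not code from the BlackSquid sample or from the
researchers. Indicator lists below are assumed/illustrative, not the sample's own.
"""
from __future__ import annotations

import getpass
import socket
from dataclasses import dataclass, field

# Assumed indicator sets (illustrative). 'wilbert-sc' and 'avira' are the two
# names the article mentions; the rest are generic analysis-environment tells.
SUSPICIOUS_USERNAMES = {"wilbert-sc", "sandbox", "malware", "virus", "john doe"}
SUSPICIOUS_HOST_SUBSTRINGS = ("sandbox", "cuckoo", "analysis", "avira")
VM_VENDOR_STRINGS = ("vmware", "virtualbox", "vbox", "qemu", "xen",
                     "innotek", "hyper-v", "parallels")
ANALYSIS_PROCESSES = {"vboxservice.exe", "vmtoolsd.exe", "wireshark.exe",
                      "procmon.exe", "x64dbg.exe", "ollydbg.exe"}
MIN_PLAUSIBLE_UPTIME_S = 600          # fresh boots are a sandbox tell
MIN_PLAUSIBLE_RAM_BYTES = 2 << 30     # tiny RAM is a sandbox tell


@dataclass
class HostProfile:
    """Observable attributes a sample can cheaply collect before installing."""
    username: str
    hostname: str
    hardware_strings: list[str] = field(default_factory=list)  # BIOS vendor, disk model, ...
    processes: list[str] = field(default_factory=list)
    debugger_attached: bool = False
    uptime_seconds: int = 0   # 0 = unknown, skip the check
    ram_bytes: int = 0        # 0 = unknown, skip the check


def find_indicators(profile: HostProfile) -> list[str]:
    """Return every sandbox/VM/debugger tell found in the profile, in check order."""
    hits: list[str] = []

    if profile.username.lower() in SUSPICIOUS_USERNAMES:
        hits.append(f"username:{profile.username}")

    host = profile.hostname.lower()
    for needle in SUSPICIOUS_HOST_SUBSTRINGS:
        if needle in host:
            hits.append(f"hostname:{needle}")
            break

    for hw in profile.hardware_strings:          # one hit per hardware string
        hw_l = hw.lower()
        for vendor in VM_VENDOR_STRINGS:
            if vendor in hw_l:
                hits.append(f"hardware:{vendor}")
                break

    for proc in profile.processes:
        if proc.lower() in ANALYSIS_PROCESSES:
            hits.append(f"process:{proc.lower()}")

    if profile.debugger_attached:
        hits.append("debugger")
    if 0 < profile.uptime_seconds < MIN_PLAUSIBLE_UPTIME_S:
        hits.append("fresh-boot")
    if 0 < profile.ram_bytes < MIN_PLAUSIBLE_RAM_BYTES:
        hits.append("low-ram")
    return hits


def would_abort(profile: HostProfile) -> bool:
    """Mirror the sample's decision: any single tell is enough to bail out."""
    return bool(find_indicators(profile))


def collect_local_profile() -> HostProfile:
    """Minimal stdlib-only collection for running the audit on the current host.
    (Hardware strings, process list, uptime and RAM are left unknown here.)"""
    try:
        user = getpass.getuser()
    except Exception:  # no login name available, e.g. in some containers
        user = ""
    return HostProfile(username=user, hostname=socket.gethostname())


if __name__ == "__main__":
    # Constructed sample profiles: a typical analysis VM and an ordinary workstation.
    sandbox = HostProfile("wilbert-sc", "WIN-SANDBOX-01",
                          ["innotek GmbH", "VBOX HARDDISK"],
                          ["explorer.exe", "VBoxService.exe"],
                          uptime_seconds=120, ram_bytes=1 << 30)
    workstation = HostProfile("jsmith", "FIN-LAPTOP-22",
                              ["Dell Inc.", "ST1000LM035-1RK172"],
                              ["explorer.exe", "outlook.exe"],
                              uptime_seconds=86400, ram_bytes=16 << 30)
    for name, p in (("sandbox", sandbox), ("workstation", workstation),
                    ("this host", collect_local_profile())):
        print(f"{name}: abort={would_abort(p)} tells={find_indicators(p)}")
```

Every string `find_indicators` returns for your sandbox image is a reason for a sample to stay dormant; renaming the analysis user, scrubbing the hypervisor vendor strings, giving the VM a realistic uptime and memory size, and hiding agent processes removes those tells. The same table of indicators also makes a useful detection rule in reverse: a process that enumerates usernames, BIOS strings, and debugger state and then exits without doing anything is itself a signal.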

The researchers said:

Read More at BTC Manager