How not to become a victim of hidden cryptocurrency mining

Cryptocurrency mining has gained overwhelming popularity today. There are a lot of videos on the web explaining how to do it at home. However, today we offer a slightly different perspective on the cryptocurrency mining process.

Modern trading is impossible without using computers. Every trader starts his working day by turning on his machine, launching trading terminals, necessary applications and browser tabs. And it is precisely at these moments that he risks becoming a victim of the very same mining, only hidden.

Hidden Mining: What It Looks Like

On the personal computers used by almost all traders, the three most common operating systems are currently Windows, Linux and OS X.

The latter two have a peculiar architecture, which significantly reduces the probability of "catching" a virus. In addition, Linux and OS X have a relatively small number of users, so writing viruses for these operating systems is quite unpopular and sporadic.

The Windows operating system, which is used by 9 out of 10 traders, is another matter. Writing all kinds of malicious programs "for Windows" is very common - just remember the e-mails about millions of inheritances, etc. that end up in the "Spam" folder. Running any unfamiliar file on your machine carries potential risks and can install a virus-miner on it.

How to detect and remove the hidden mining virus

The simplest and most uncomplicated viruses start to fully utilize the power of your PC for mining. As a result, the computer begins to slow down terribly.

Detecting such a primitive virus-miner, the technical department of Fortrader magazine explains, is simple enough: you need to open Task Manager and see which of the processes uses the most system resources. It will be the virus that mines cryptocurrency on your PC for intruders.

What the hidden mining virus looks like in Windows Task Manager

Naturally, such a virus is unlikely to be called a cryptominer. Most likely, it will be disguised as a system process or a fairly well-known program: opera.exe, skype.exe, etc.

In order to detect a forgery, you need to check the location of this file. To do this, right-click on the process and click on "Open file location".

If the process is a disguised miner virus, its file will not be located in the original folder.

How to detect a hidden mining virus on your PC

Another sign of a hidden miner is the user account the process runs under. As you understand, a system process cannot run as a normal user.
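The two checks above (file location and owning account) can be applied to a whole process list at once. The following is an added example, not code from the article: the baseline table, the snapshot records and the account names are constructed, and the baseline assumes Windows is installed in C:\Windows. Names such as opera.exe or skype.exe can be added with the folder where the program is actually installed on your machine.

```python
import ntpath

# Image name -> (folder it must run from, must it run under a system account?).
# Standard locations, assuming Windows is installed in C:\Windows.
BASELINE = {
    "svchost.exe":  (r"C:\Windows\System32", False),  # per-user services run as the user
    "lsass.exe":    (r"C:\Windows\System32", True),
    "services.exe": (r"C:\Windows\System32", True),
    "winlogon.exe": (r"C:\Windows\System32", True),
    "explorer.exe": (r"C:\Windows", False),
}
SYSTEM_ACCOUNTS = {"system", "local service", "network service"}

def check_process(proc):
    """Return the reasons a process record looks like a disguised binary."""
    rule = BASELINE.get(proc["name"].lower())
    if rule is None:
        return []                      # name not in the baseline: nothing to compare
    expected_dir, needs_system = rule
    reasons = []
    path = proc.get("path")
    if path:                           # the path can be empty when queried without admin rights
        folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(path)))
        if folder != ntpath.normcase(expected_dir):
            reasons.append(f"runs from {ntpath.dirname(path)}, expected {expected_dir}")
    account = proc.get("user", "").rsplit("\\", 1)[-1].lower()
    if needs_system and account and account not in SYSTEM_ACCOUNTS:
        reasons.append(f"runs as {proc['user']}, expected a system account")
    return reasons

def find_disguised(snapshot):
    """Map PID -> list of reasons, for every record that fails a check."""
    return {p["pid"]: r for p in snapshot if (r := check_process(p))}

# Constructed process snapshot (name, image path, owner); not taken from a real host.
SNAPSHOT = [
    {"pid": 612,  "name": "lsass.exe",    "path": r"C:\Windows\System32\lsass.exe",
     "user": r"NT AUTHORITY\SYSTEM"},
    {"pid": 1044, "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe",
     "user": r"NT AUTHORITY\NETWORK SERVICE"},
    {"pid": 5120, "name": "svchost.exe",  "path": r"C:\Users\trader\AppData\Roaming\svchost.exe",
     "user": r"DESKTOP-01\trader"},
    {"pid": 5388, "name": "winlogon.exe", "path": r"C:\ProgramData\winlogon.exe",
     "user": r"DESKTOP-01\trader"},
]

if __name__ == "__main__":
    for pid, reasons in find_disguised(SNAPSHOT).items():
        print(pid, "; ".join(reasons))
```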

If you have become a victim of hidden mining in this form, it is easy to "cure". You need to end the process, clean your computer with an effective antivirus, and most importantly - remember where you could have picked up this miner, and draw the appropriate conclusions for yourself.

How miner viruses disguise themselves and how to deal with it

Probably even a novice user knows that if a computer starts to slow down, most likely it has a virus and needs to be cleaned. For this reason, virus-miner authors use different disguises for their dark deeds. Here are three of the most common ones.

Method 1: disguising the virus as a service

If a virus-miner is disguised as a service, you will not see any separate process in Task Manager. The system resources will be used by some svchost.exe, which is a perfectly legitimate system process. If it is terminated, your Windows will probably just freeze up.

What to do in this situation? You can search for a service with a suspicious name through msconfig.exe, but there is a much more effective way to detect a hidden miner. The free Process Explorer program is used for this purpose.

Process Explorer for catching the hidden mining virus

Use Process Explorer to find the most resource-intensive process and the services related to it. After that, use Google or Yandex to find information about each service and identify the hidden virus-miner.
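The built-in `tasklist /svc` command prints the same process-to-service mapping as text. The following added example (not from the article) parses that output and compares it with a listing saved while the machine was known to be clean, so that only services hosted by svchost.exe that were not there before need to be looked up. Both listings and the service name ExampleUpdSvc are constructed.

```python
import re

def _names(field):
    """Split a comma-separated Services column, dropping blanks and N/A."""
    return [s.strip() for s in field.split(",") if s.strip() not in ("", "N/A")]

def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into {pid: (image, [service names])}."""
    procs, pid = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue                          # blank line, header or separator
        if line[0].isspace():                 # wrapped service list of the previous row
            if pid is not None:
                procs[pid][1].extend(_names(line))
            continue
        m = re.match(r"(.+?)\s+(\d+)\s+(.*)$", line)
        pid = int(m.group(2)) if m else None
        if m:
            procs[pid] = (m.group(1), _names(m.group(3)))
    return procs

def unfamiliar_services(baseline_text, current_text, image="svchost.exe"):
    """Map PID -> services hosted by `image` now but absent from the clean listing."""
    known = {s for img, svcs in parse_tasklist_svc(baseline_text).values()
             if img.lower() == image for s in svcs}
    return {pid: [s for s in svcs if s not in known]
            for pid, (img, svcs) in parse_tasklist_svc(current_text).items()
            if img.lower() == image and any(s not in known for s in svcs)}

# Constructed listings in the layout printed by `tasklist /svc`.
BASELINE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    884 BrokerInfrastructure, DcomLaunch, PlugPlay,
                                   Power, SystemEventsBroker
svchost.exe                   1032 RpcEptMapper, RpcSs
"""
CURRENT = BASELINE + "svchost.exe                   4716 ExampleUpdSvc\n"

if __name__ == "__main__":
    print(unfamiliar_services(BASELINE, CURRENT))
```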

Method 2: a miner that is not greedy

The second method is not aimed at fast cryptocurrency mining, but at the longest possible lifetime of the miner virus. Such a miner does not rush to pounce on all available system resources, but spends them moderately. At the same time, if a resource-intensive program is launched, such a virus stops its work in order not to slow down the operating system, which makes its detection more difficult.

Moreover, advanced miner viruses even monitor, for example, the fan speed, so as not to give themselves away when the system is idle by excessive use of computing power.

What to do in this situation? Again, you can search for suspicious processes in Task Manager. However, there are some virus-miners that stop their work completely if Task Manager is running, so it is unlikely that you will be able to detect them this way.

The most effective way is to use third-party analogues of the Task Manager in Windows - for example, the same Process Explorer. Free programs like Everest or AIDA64 let you install widgets on your desktop to monitor your system load.

Method 3: level-80 disguise

The third variant of masking the miner virus is the least common and, at the same time, the most dangerous. These are miners that use a rootkit.

For those who do not know, a rootkit is a set of software that disguises a virus by getting Administrator rights on your computer.

All programs on your computer, without exception, use some system functions for their operation. So, for example, a rootkit miner can replace the "Show all processes" function with "Show all processes except cryptominer.exe". Accordingly, neither the Task Manager nor the most effective anti-virus will be able to detect such a virus-miner.

What to do in this situation? The network activity of rootkit miners is what unmasks them. In this case, such activity must be monitored directly on the router or on a specially set up proxy server on another machine.

The point is that the rootkit needs to maintain constant communication with the mining pool. A normal computer, if left switched on in idle mode, will have practically no access to the Internet. It is against this background that you will notice the presence of a hidden mining virus in your system. If you have detected something like this, you are unlikely to be able to cope with it yourself - you will have to turn to specialists.
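The idea above, as an added example that is not part of the original article: given connection records collected on the router while the PC was left idle, report the remote endpoints a host talked to in almost every time slice of that window. The log format (timestamp, source, `->`, destination:port, byte count) and all addresses are constructed; real router logs need their own parsing.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def persistent_peers(lines, start, end, bucket_min=10, min_coverage=0.8):
    """Map (host, remote) -> share of time buckets with traffic, for pairs seen
    in at least min_coverage of the buckets between start and end."""
    width = timedelta(minutes=bucket_min)
    total = int((end - start) / width)
    if total < 1:
        raise ValueError("window shorter than one bucket")
    buckets = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "->":
            continue                       # not a connection record
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                       # unreadable timestamp
        if start <= ts < end:
            index = min(int((ts - start) / width), total - 1)
            buckets[(parts[1], parts[3])].add(index)
    return {pair: len(b) / total for pair, b in buckets.items()
            if len(b) / total >= min_coverage}

def sample_log():
    """Constructed router log for an idle night; addresses are documentation ranges."""
    t0 = datetime(2024, 3, 2, 2, 0, 5)
    lines = [f"{(t0 + timedelta(minutes=5 * i)).isoformat()} "
             "192.168.1.23 -> 203.0.113.50:443 bytes=412"
             for i in range(24)]           # one record every 5 minutes, all night
    lines += [
        "2024-03-02T02:17:40 192.168.1.23 -> 198.51.100.7:123 bytes=76",
        "2024-03-02T03:17:41 192.168.1.23 -> 198.51.100.7:123 bytes=76",
        "2024-03-02T02:40:12 192.168.1.40 -> 198.51.100.9:443 bytes=5230",
    ]
    return sorted(lines)

if __name__ == "__main__":
    window = (datetime(2024, 3, 2, 2), datetime(2024, 3, 2, 4))
    for (host, remote), share in persistent_peers(sample_log(), *window).items():
        print(f"{host} talked to {remote} in {share:.0%} of the idle window")
```

Occasional contacts such as time synchronisation or update checks fall well below the coverage threshold, while a connection that is kept alive all night stands out.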

Conclusion

No one is safe from mistakes, but forewarned is forearmed. Remember that you should not download everything from the Internet, and if your computer suddenly begins to slow down badly, or you notice some other suspicious activity on your machine, it is a reason to consider whether someone is mining cryptocurrency for himself using your PC.
