Malware developed with Shc has been infecting systems in Korea, according to the ASEC analysis team, and is believed to be used by threat actors to install CoinMiner.
Coincheck, a major cryptocurrency exchange in Japan, said the malware is installed on your computer when you visit the following websites:
- www .hitmeup247 .com
- www .coinminerhackz .com
- www .bitcoinminingz .com
There are reports that the malware has been infecting computers in Korea since at least the start of this month. The malware was discovered by a researcher living in Japan who was tracing CoinMiner, also known as CoinMiner 2.0, malware that was found on Coinhive miners that have infected computers around the world.
The researcher found that many CoinMiner 2.0 infections had used a trojan downloader to install CoinMiner on the victim's PC. This program was based on Shc, which was developed by a hacker group called DarkHotel (a hacking team located in China).
The trojan downloader is commonly used by threat actors, but they rarely use CoinMiner 2.0. CoinMiner 2.0 is usually used only by threat actors who want to run multiple infections in a single campaign, or who need access to more money without stealing it from the same cash-out address (the address your money is sent to when you cash out).
Source: Shc Linux Malware Installing CoinMiner - AlienVault - Open Threat Exchange