Tencent captures Russian "all-powerful mining Trojan" that invades more than 40 countries and infects tens of thousands of computers

Recently, Tencent Yujian Threat Intelligence Center detected a mining Trojan from Russia, which is being widely spread through Windows, Office and other software registration machines and cracking tools. In addition to mining, the Trojan can also leak user privacy, steal cryptocurrency wallet information, and even remotely control infected computers to launch DDoS attacks, making it an "all-round player" in the virus world.

According to monitoring data from Tencent Yujian Threat Intelligence Center, the mining trojan has invaded tens of thousands of computer devices in at least 40 countries around the world, and the scope of influence is further expanding. Currently, Tencent Computer Manager has taken the lead in intercepting and killing the mining trojan, and reminded users to strengthen their defense.

Tencent Yujian Threat Intelligence Center found that this mining Trojan is very powerful: it can not only control the infected computer to mine Monero, but also obtain the infected computer's IP address, machine name, desktop screenshots, process list and other private information and upload it to the illegal hacker's server; steal wallet information of popular digital cryptocurrencies including Bitcoin, Monero, Ethereum, etc.; analyze browser history, try to obtain various account passwords that have been logged in to the infected computer, and obtain credit card information; use the infected computer to launch DDoS attacks, etc., almost integrating the hazards of common Trojan viruses.

Through tracing and analyzing the mining Trojan, Tencent Yujian Threat Intelligence Center found that the Trojan is mainly spread through the registration machines, activation tools, and cracking tools of common office and drawing software such as Windows, Office, and CorelDraw. It also disguises itself as various cracked and complete versions of tool software such as Huisheng Huiying, PowerDVD, and AnyToISO . Once a user accidentally installs the infected software, the Trojan will run on his computer.

Tencent Yujian Threat Intelligence Center quickly identified the author of the mining Trojan as the Russian hacker Foxovsky. From the information he left on the Russian forum, it can be seen that Foxovsky is very good at virus black industry technologies such as Trojan production, penetration and reverse engineering.

It is worth noting that Foxovsky also has a full-time sales partner, who clearly marked the price of the mining Trojan on the black industry-related forums, which was only 5,000 rubles (equivalent to RMB 513), and was also recruiting agents of the Trojan at a low price.

In the face of the continued rampant Trojan virus, Ma Jinsong, head of Tencent Security Anti-Virus Laboratory and Tencent PC Manager security expert, reminds users that there is a high probability that criminals will implant virus Trojan programs in pirated cracking tools. Be cautious when using cracking tools, registration machines and related activation tools for Windows, Office and other software, and try to avoid downloading software programs from unknown sources. In addition, before downloading and using software programs, scan them with security software such as Tencent PC Manager, which can effectively intercept and kill most Trojan viruses and ensure the security of personal Internet information and devices.