Advertisement short links contain mining Trojans, and more than 15 million computers worldwide have become "mining machines"

With the rapid development of Internet technology and social software, more and more people are familiar with beautiful and convenient short links, and using short links to jump to long URLs has become a common way for netizens to share links. However, since short links hide the long URLs they point to, users often cannot know the type of URL they actually point to from short links, so there are frequent incidents of computers being infected by accidentally clicking on infected short links.

Recently, Tencent Yujian Threat Intelligence Center detected a mining Trojan named NovelMiner, which was widely spread in advertising short links. According to statistics, more than 15 million users in more than 100 countries around the world downloaded the NovelMiner mining Trojan by mistakenly clicking on the infected advertising page, causing their personal computers to become mining machines for criminals.

At present, Tencent Computer Manager has intercepted and killed the Trojan virus in real time, and reminded users to strengthen prevention and not to open links from unknown sources at will. At the same time, Tencent Computer Manager's "Anti-Mining Protection" function has covered all versions of users, which can intercept and warn in real time the operation of various mining Trojan programs and web pages containing mining js scripts, ensuring that users' computer resources are not occupied and have a light Internet experience.

(Photo: Tencent PC Manager intercepts mining Trojans in real time)

It is reported that the NovelMiner mining Trojan discovered this time makes profits by mining ETN coins (E-lifang coins). As a branch of the new favorite Monero coin, ETN coins are favored by criminals due to their huge issuance volume and low mining computing power requirements. Under the manipulation of illegal hackers, the download link of the NovelMiner mining Trojan is hidden in a short link. Since the Trojan file name is not exposed in the link, it is difficult for users to distinguish the authenticity of the link before clicking. It is easy to mistakenly download the mining Trojan, causing the computer to slow down and freeze due to the occupation of CPU resources, and even affecting the system operation.

After tracing the source of the NovelMiner mining trojan, Tencent Yujian Threat Intelligence Center found that the origin of the Trojan in short links can be traced back to March 2017, and it has now developed to version V4. Based on the daily peak computing power controlled by the new version of the Trojan in the world, a single account and a single currency can obtain 90,000 ETN coins per month, which is about 3,000 US dollars. The NovelMiner mining trojan is currently using more than 10 mining pool accounts.

From the machine name of the NovelMiner mining trojan author, we can see that the author of the virus belongs to the Russian-speaking region. So far, the mining trojan has affected 100 countries around the world and infected more than 15 million machines, with Russia, China, and Thailand being the most seriously affected. From the distribution of affected provinces and cities in China, the eastern coastal areas and the northeastern region close to Russia are more affected.

(Figure: Distribution of the impact of NovelMiner mining trojan in China)

In the face of the continued rampant mining Trojans, Ma Jinsong, head of Tencent Security Anti-Virus Laboratory and Tencent PC Manager security expert, reminds users: Do not click on strange links from unknown sources at will; downloading exe files after short link jumps is very dangerous, and if found, they should be terminated immediately; if the computer is found to be slow, the CPU usage should be checked immediately, and any suspicious processes should be closed in time; keeping security software such as Tencent PC Manager in normal operation can effectively defend against most Trojan viruses.