Kankan Video is suspected of using users' computers to mine Ethereum, over a million computers are infected and slow down

Chinanews.com, September 18 (Xinhua) -- Cheetah Mobile's security center found that Kankan Video was suspected of using viruses to control users' computers and make profits through Ethereum mining (a digital currency similar to Bitcoin). Cheetah Mobile's Kingsoft Antivirus has already checked and killed the virus, and Kingsoft Antivirus alone detected about 40,000 infected computers per day, and it is estimated that the cumulative number of infected computers has exceeded 1 million.

According to the technical analysis of the Cheetah Mobile security team, the Kankan video downloaded from the Kankan official website will register components in the registry during installation, and will automatically connect to the Kankan official website (http://***.kankan.com/rbc/task*_v1.2.dat) after booting up, and download the mining module to the local computer.

The virus will detect the user's environment. If there are too many idle system resources, it will use the computer's GPU resources (graphics chip) to calculate Ethereum. Ethereum is a virtual currency similar to Bitcoin. The use of graphics card GPU to calculate virtual currency is commonly known as mining by insiders.

When the virus starts mining, it will generate an Ethash directory in the user directory, and the data size of a single file will exceed 1.5GB. At the same time, it will cause the GPU usage of the user's computer to soar, and the computer will heat up. Since Kankan Video itself is a normal software, it is usually directly trusted by various security software, making this malicious behavior difficult to detect.

"All files related to this virus component have the digital signature of Kankan Video. The digital signature of the file indicates that the file was developed by a certain company and has not been tampered with during the distribution process." Cheetah Mobile security experts said: "In addition, the virus will connect to Kankan's official website and accept remote control of its official website server, which shows that the virus is related to Xiangchao Kankan Company."

Monitoring data from Cheetah Mobile's Security Center shows that this mining virus is detected on approximately 40,000 computers every day, and the cumulative number of infections is estimated to be more than 1 million. Netizens who have installed Kankan Video are advised to use Kingsoft Antivirus to detect and kill the virus.