A new Trojan has been discovered by Emsisoft, producer of PC security software. This is no garden-variety Trojan, however, it is a curious hybrid of bitcoin-mining malware and ransomware.
Whereas most ransomware directly attacks your PC or encrypts files stored on its drives, 'Trojan-Ransom.Win32.Linkup' blocks internet access by modifying your DNS and turns your computer into a bitcoin-mining bot at the same time.
Luckily, it shouldn’t be hard to spot when your system has been infected. ‘Linkup’ blocks all internet access bar a bogus Council of Europe website, which will demand personal information and a ‘payment method’ (read ‘ransom’) to unblock your access. Needless to say the Council of Europe has absolutely nothing to do with your internet access and you should not pay anything or enter personal details to regain your service.
In addition to messing around with the DNS, Linkup can also link up to a remote server and pressgang your PC into service as a bitcoin-mining bot. This is carried out via a downloader called 'pts2.exe', which extracts a second file, named 'j.exe', onto your computer. This is, in fact, a popular piece of mining software called 'jhProtominer'.
The damage that is likely to be inflicted by the Trojan is limited. jhProtominer only works on 64-bit operating systems, but, even so, that still leaves plenty of computers around the globe to infect.
Malware losing the mining battle
says it will keep a close eye on Linkup as it evolves. Since it is an unusual mix of ransomware and bitcoin-mining malware, it is in a class of its own. Luckily the company has already come up with a way of detecting Linkup and says that the Trojan should not be too dangerous, provided it does not metamorphose into something more sophisticated.
Bitcoin-mining malware is becoming increasingly common, but developers of these malicious programs are actually fighting a losing battle. As bitcoin's hash difficulty goes up, the mining power achievable with hijacking standard PCs decreases exponentially.
Furthermore, security firms are starting to take notice of the new trend in malware, and just a few weeks ago Microsoft helped destroy the Sefnit botnet, which was also stealing bitcoin mining capacity from people’s PCs. Several other illicit bitcoin mining operations have recently gone the same way.
Malware image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.