Attempts To Remove WinstarNssmMiner Result in System Crash


A newly detected Monero miner threat named WinstarNssmMiner is infecting users' computers all around the world and makes it quite difficult for users to remove it from their systems. Windows users infected with this malicious Monero-mining cryptojacking malware will be surprised to find that the threat crashes their machine completely whenever they try to eliminate the program. WinstarNssmMiner is a new cryptojacking virus that was reported by security researchers in a blog post published on May 16th, 2018.

According to the security researchers, this Monero miner threat has already stolen enough processing power from victims' computers to gather 133 Monero, which is worth around 19,700 Euro based on the current exchange rate. At the time of writing this security article, WinstarNssmMiner has conducted more than 500,000 attacks in just three days after its release on the Internet and also seems to be attacking users' computers in large numbers. The WinstarNssmMiner virus works on the infected system by creating two svchost.exe processes.

The first process conducts the mining, and the second process launched by WinstarNssmMiner is aimed at avoiding detection by installed or active anti-virus programs. The hackers behind this malware block users from removing WinstarNssmMiner simply by terminating its malicious processes. This is because the threat injects harmful code into processes such as svchost.exe and then sets the process attribute to CriticalProcess. As a result, any action taken by PC users to delete WinstarNssmMiner and its related processes from their machine causes a system crash.
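For responders, the practical consequence is to check the critical flag before terminating a suspect svchost.exe. The PowerShell below is an added example, not code from the researchers' report: it lists every svchost.exe process with its critical flag, parent, path and command line. It assumes Windows 8.1 or later (where `IsProcessCritical` exists) and an elevated prompt; `Get-CriticalFlag` is a hypothetical helper name.

```powershell
# Added example: read-only triage of svchost.exe processes and their critical flag.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsProcessCritical(IntPtr hProcess, out bool critical);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

# Minimum access right that IsProcessCritical requires on the handle.
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

function Get-CriticalFlag {
    # Hypothetical helper: returns $true/$false, or $null if the process
    # could not be opened or queried (access denied, already exited).
    param([Parameter(Mandatory)][uint32]$ProcessId)
    $h = [Win32.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { return $null }
    try {
        $critical = $false
        if ([Win32.Native]::IsProcessCritical($h, [ref]$critical)) { return $critical }
        return $null
    } finally {
        [void][Win32.Native]::CloseHandle($h)
    }
}

# Enumerate svchost.exe instances and show the fields a responder compares:
# an unexpected path, parent or command line on a critical instance deserves review.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    [pscustomobject]@{
        ProcessId       = $_.ProcessId
        ParentProcessId = $_.ParentProcessId
        Critical        = Get-CriticalFlag -ProcessId $_.ProcessId
        ExecutablePath  = $_.ExecutablePath
        CommandLine     = $_.CommandLine
    }
} | Sort-Object Critical -Descending | Format-Table -AutoSize -Wrap
```

A critical flag is not by itself proof of infection, because Windows marks some of its own processes as critical; the output is a starting point for comparison, not a verdict.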

In reaction to the vicious technique used by the threat actors behind WinstarNssmMiner, researchers said they were quite surprised to see a cryptominer infection that is so brutal. This Monero miner virus is unusual because its payloads are meant to run on the infected machine for a prolonged period of time and to remain undetected as well. To avoid removal when an installed anti-virus program detects its presence on the system, WinstarNssmMiner crashes the affected machine, which is considered a last-ditch effort by this threat.

Finally, the WinstarNssmMiner malware does this by setting itself as a critical system process. Therefore, Microsoft will be forced in the near future to alter which Windows processes are allowed to set those flags. In addition, WinstarNssmMiner checks for reputable anti-virus tools and, if it finds any, quits on the targeted system. To accomplish its illicit tasks, the threat turns off the less effective anti-virus tools that it detects on the machine. WinstarNssmMiner may be propagated through exploit kits, intrusive ads or phishing websites that target Windows systems.