SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools
Briefly

A new malware campaign, identified by Kaspersky, deploys a cryptocurrency miner called SilentCryptoMiner, disguised as a tool for bypassing internet restrictions. The trend shows cybercriminals exploiting Windows Packet Divert tools to distribute malware to unprotected systems. The campaign, which has affected over 2,000 Russian users, spread through malicious archives shared via popular platforms like YouTube. Attackers also impersonate developers and threaten content creators into promoting these malicious links. This reflects a worrying evolution in the tactics used for malware distribution, as users remain vulnerable to such deceptive practices.
Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives.
This plays into the hands of attackers by allowing them to persist in an unprotected system without the risk of detection.
The latest twist in this tactic is a campaign that has compromised over 2,000 Russian users with a miner disguised as a tool for getting around blocks.
The booby-trapped archives have been found to pack an extra executable, with one of the files being the SilentCryptoMiner.
Read at The Hacker News