The new type of fileless malware, known as CoinMiner, can create a lot of problems for PC users and antivirus software developers. CoinMiner is difficult to detect and stop using typical anti-malware products due to the combination of various unique functions.
CoinMiner uses the EternalBlue exploit kit to infect victim’s machine. Once the infiltration is complete, it gets access to the WMI toolkit (Windows Management Tools) in order to run commands on the affected system. CoinMiner also interacts with the device’s memory (as a fileless malware) and uses extensive capabilities of malicious C&C servers to activate various scenarios and components which can be needed to infect the system.
CoinMiner uses WMI to download scripts and other components to ensure smooth operation of the malware and to run the binary code of crypto-miner.
It turns out that the explosive mixture of CoinMiner’s functions can be extremely dangerous for computers with unpatched versions of Windows OS and out-of-date versions of antivirus software.
CoinMiner is not the first malware of this kind. Earlier this year Adylkuzz Miner already used EternalBlue exploit for infiltration process. Meanwhile, CoinMiner is still one of the most advanced fileless crypto-currency miners.