Coin mining trojans appeared not so long ago and earned the reputation of a “not so dangerous virus”. In one of the previous articles, I mentioned the trojan-miner as one of the most active trojan types nowadays. But they are too interesting to be described in only a few sentences. In this article, you will see the reasons for their appearance, their main functionality, and a description of how harmful they really are.
Milestones in history
The reasons for the appearance of trojan-miners are quite obvious once the initial cause is explained. Bitcoin is not a simple cryptocurrency, but while there was no hype in the media, people were not interested in it. When the first crypto rush started in 2017, more and more people became interested in an asset that can grow by 20-30% per month. In addition, the Bitcoin price boom drove the appearance of other cryptocurrencies, the so-called altcoins – Ethereum, Litecoin, Ripple and others.
Big money rolling in the cryptocurrency environment attracted even bigger money. And where big money is rolling, there are also individuals or groups who want a bite of this bankroll by illegal methods. There are two ways of earning cryptocurrency: getting paid in *coins for the goods or services you offer, or mining cryptocurrency blocks and getting a commission fee for each mined block. While the first method can barely be turned into fraud for obvious reasons, mining has no such problem.
Why purchase an enormously expensive mining farm when you can just inject a virus into hundreds of other computers and use them as your own farm? It is a pretty logical solution, and cybercriminals use it actively. The graph below compares coin miner activity with the price of Bitcoin, which has become something like the main index for the whole cryptocurrency market. The curve shows a clear correlation between trojan-miner popularity and cryptocurrency prices.
After the big crash of Bitcoin, as well as other coins, coin mining trojans lost their popularity. Since 2019, when the two large spikes of the Bitcoin price occurred, coin miners became active again, and in 2020 they showed a new activity peak.
Types of trojan-miner
Trojan miners fall into two separate categories – desktop and in-browser. The names are self-explanatory: one launches together with your browser, the other starts in your system, regardless of the other running programs. Hence, the effects of the trojan's activity can be spotted right after Windows starts, or only after the browser has been launched. The in-browser type is the most popular for some reasons, accounting for about 72% of total trojan-miner detections.
Why are they dangerous?
A lot of people think that trojan-miners carry no real danger for their PCs, besides the CPU/GPU load. “Computer is just a pile of silicon on a textolite plate. What can go wrong if the components are working on their near-peak performance for some time?”. Unfortunately, such actions can break something important. Ordinary programs that may use a large part of your hardware capacity switch the loaded devices dynamically, so the chance that one of the modules will stop working is minimal. However, trojan-miners do not care about your processor or graphics card. They will load your hardware as hard as they can, because their task is to mine coins, not to keep the victim’s PC working properly.
Overheating the processor may lead to its burnout; if the CPU is soldered to the motherboard, the solder may easily soften, so the component may slide out of its place. The chip is also extremely sensitive to overheating, and the temperature limits are usually set based on common usage – rendering, gaming, program development, etc. The overloads typical of trojan-miner activity are more similar to the ones seen in benchmarks[1], where CPUs run at the limits of their abilities. The same can be said about GPUs, which are usually used on mining farms due to the specific features of graphics processors.
As you can see, coin miners can pose much more serious hazards. While other viruses create intangible effects (which can still be priced in dollars), this type of trojan virus can break your computer physically, so neither anti-malware software nor a Windows reinstallation will help. The best solution is to delete the trojan-miner as soon as possible.
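To make the desktop/in-browser distinction and the "constant near-peak load" symptom concrete, here is an added example (not from the original article) that labels a CPU usage timeline by whether sustained load depends on the browser being open. The sample timelines, the function names and the thresholds are all assumptions made for illustration.

```python
# Constructed timelines (not real telemetry): one sample per minute since boot,
# each sample is (total CPU %, browser_running).
BROWSER_MINER = [(4, False)] * 6 + [(96, True), (97, True), (95, True),
                                    (98, True), (96, True), (97, True)]
DESKTOP_MINER = [(98, False)] * 6 + [(99, True)] * 4
RENDER_JOB = [(100, False), (35, False), (90, False), (10, False),
              (100, False), (60, False), (20, False), (95, False)]
ALWAYS_OPEN = [(97, True)] * 10


def high_share(readings, floor):
    """Fraction of readings at or above the near-peak floor."""
    if not readings:
        return 0.0
    return sum(r >= floor for r in readings) / len(readings)


def classify(timeline, floor=85.0, min_share=0.9, min_samples=5):
    """Label a timeline 'desktop', 'in-browser', 'undetermined' or 'none'.

    floor, min_share and min_samples are assumed thresholds for this example.
    """
    with_browser = [cpu for cpu, browser in timeline if browser]
    without_browser = [cpu for cpu, browser in timeline if not browser]

    def sustained(readings):
        return (len(readings) >= min_samples
                and high_share(readings, floor) >= min_share)

    # Near-peak load with no browser running: the load does not depend on it.
    if sustained(without_browser):
        return "desktop"
    if sustained(with_browser):
        # Without enough browser-closed samples the two types look the same.
        if len(without_browser) < min_samples:
            return "undetermined"
        return "in-browser"
    return "none"


if __name__ == "__main__":
    for name, timeline in [("browser miner", BROWSER_MINER),
                           ("desktop miner", DESKTOP_MINER),
                           ("render job", RENDER_JOB),
                           ("browser always open", ALWAYS_OPEN)]:
        print(f"{name}: {classify(timeline)}")
```

A label other than "none" is a reason to run a scan, not a verdict: the check only looks at the load pattern, not at what is producing it.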
How did I get this virus?
How can I remove the trojan-miner?
Manual coin miner removal is likely impossible, despite how easy this operation looks at first sight. The trojan-downloader which injected the trojan-miner will just restore the latter if you try to delete the .exe file. Miners that are distributed inside an adware bundle can usually recover themselves, thanks to the special module built into every such virus. To be sure that nothing excessive uses your hardware, you need to use antivirus tools.
I’d recommend using Loaris Trojan Remover. It was originally created to deal with trojan viruses, so this one will not be a problem for it.
After the installation, run Loaris and launch the full scan. It may last for 10-15 minutes, so be patient.
When the scan is finished, press “Apply” to delete all detected viruses. You can be sure the trojan-miner will be wiped out, and nothing will menace your PC.