Trojan-miner: reasons and methods

Trojan-miner: reasons, distribution, effects

Helga Smith

Coin mining trojans appeared not so long ago and earned the reputation of a “not so dangerous virus”. In one of the previous articles, I mentioned the trojan-miner as one of the most active trojan types nowadays. But they are too interesting to be described in only a few sentences. In this article, you will see the reasons for their appearance, their main functionality, and a description of the real harm they do.

Milestones in history

The reasons for the appearance of trojan-miners are quite obvious once the initial cause is explained. Bitcoin is not a simple cryptocurrency, but while there was no hype in the media, people were not interested in it. When the first cryptorush started in 2017, more and more people got interested in an equity unit that can grow by 20-30% per month. In addition, the Bitcoin price boom spurred the appearance of other cryptocurrencies, so-called altcoins – Ethereum, Litecoin, Ripple and others.

Graphic of the Bitcoin price

The big money circulating in the cryptocurrency environment attracted even bigger money. And wherever big money circulates, there are individuals or groups who want a bite of this bankroll by illegal means. There are two ways of earning cryptocurrency: getting paid in coins for the goods or services you offer, or mining cryptocurrency blocks and getting a commission fee for each mined block. While the first method can barely be turned into fraud for obvious reasons, mining has no such problem.

Why purchase an enormously expensive mining farm when you can just inject a virus into hundreds of other computers and use them as your own farm? It is a pretty logical solution, and cybercriminals use it actively. The graph below compares coin miner activity with the price of Bitcoin, which has become something like the main index for the whole cryptocurrency market. The curve shows a clear correlation between the popularity of trojan-miners and cryptocurrency prices.

After the big crash of Bitcoin, as well as other coins, coin mining trojans lost their popularity. Since 2019, when the two large spikes of the Bitcoin price occurred, coin miners became active again, and in 2020 they showed a new activity peak.

Types of trojan-miner

Trojan miners fall into two separate categories – desktop and in-browser. The names describe themselves: one launches together with your browser, the other starts in your system regardless of the other running programs. Hence, the effects of this trojan activity can be spotted either right after Windows starts, or only after the browser has been launched. The in-browser type is the most popular for some reasons, accounting for about 72% of total trojan-miner detections.
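To make that distinction concrete, here is an added example (not part of the original article) that sorts constructed CPU samples by whether a near-peak load began right after Windows start or lives inside a browser process. The process names, thresholds and sample values are all assumptions made up for the illustration, and a label only marks a candidate worth checking.

```python
from collections import defaultdict

# Assumption: browser process names to treat as "in-browser" candidates.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

def make_trace(name, start, loads, step=60):
    """Build constructed samples: (seconds since Windows start, process, CPU %)."""
    return [(start + i * step, name, cpu) for i, cpu in enumerate(loads)]

# Constructed traces from three imaginary PCs (not real measurements).
TRACES = {
    # Hypothetical process pinned near peak from right after Windows start.
    "pc-a": make_trace("sys_helper.exe", 30, [93, 95, 94, 96, 95, 94, 95, 96]),
    # Browser opened 10 minutes after start, then pinned near peak.
    "pc-b": make_trace("chrome.exe", 600, [88, 90, 91, 89, 90, 92, 90, 91]),
    # Ordinary heavy program: load rises and falls as the work changes.
    "pc-c": make_trace("render.exe", 45, [95, 30, 90, 25, 97, 40, 85, 20]),
}

def sustained_load(samples, threshold=80.0, min_fraction=0.9, min_samples=5):
    """Return {process: first sample time} for processes pinned near peak."""
    per_proc = defaultdict(list)
    for t, name, cpu in samples:
        per_proc[name.lower()].append((t, cpu))
    flagged = {}
    for name, points in per_proc.items():
        if len(points) < min_samples:
            continue  # too few samples to call the load "sustained"
        high = sum(1 for _, cpu in points if cpu >= threshold)
        if high / len(points) >= min_fraction:
            flagged[name] = min(t for t, _ in points)
    return flagged

def classify(samples, boot_window=120):
    """Label each flagged process as a candidate of one of the two types."""
    labels = {}
    for name, first_seen in sustained_load(samples).items():
        if name in BROWSERS:
            labels[name] = "in-browser"   # load lives inside the browser
        elif first_seen <= boot_window:
            labels[name] = "desktop"      # load began right after Windows start
        else:
            labels[name] = "review"       # sustained, but started later
    return labels

if __name__ == "__main__":
    for pc, trace in TRACES.items():
        print(pc, classify(trace) or "no sustained near-peak load")
```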

Why are they dangerous?

A lot of people think that trojan-miners carry no real danger for their PCs besides the CPU/GPU load. “A computer is just a pile of silicon on a textolite plate. What can go wrong if the components work at near-peak performance for some time?” Unfortunately, such load can break something important. Ordinary programs that may use a large part of your hardware capacity shift the load between devices dynamically, so the chance that one of the modules will stop working is minimal. Trojan-miners, however, do not care about your processor or graphics card. They will load your hardware as hard as they can, because their task is to mine coins, not to keep the victim’s PC working properly.

Overheating the processor may lead to its burnout; if the CPU is soldered to the motherboard, the solder may easily soften, so the component may slide out of its place. The chip is also extremely sensitive to overheating, and the temperature limits are usually set based on common usage – rendering, gaming, software development, etc. The overloads typical of trojan-miner activity are more similar to the ones seen in benchmarks [1], where CPUs run at the limits of their abilities. The same can be said about GPUs, which are usually used on mining farms due to the specific features of graphics processors.

CPU benchmarking process. You can see the amount of operations performed.

As you can see, coin miners can pose much more serious hazards. While other viruses create intangible effects (which can still be priced in dollars), this type of trojan virus can break your computer physically, so neither anti-malware software nor reinstalling Windows will help. The best solution is to delete the trojan-miner as soon as possible.

How did I get this virus?

There are many ways of getting infected with a trojan-miner. In contrast to ransom trojans, which are used to deploy ransomware and other viruses, miners are usually delivered by a variety of other trojan viruses [2]. The most popular carriers for these so-called trojan-downloaders are cracking programs (KMS Pico, KMS Tools and others) and various dubious programs presented as “system optimizers” or similar. A less popular method of coin miner injection is the adware bundle, which contains this virus as one component of a big pack of malware. Both of these ways are extremely easy to avoid. To be safe from trojan-miners, do not use any untrusted utilities, especially if your antivirus program notifies you that the tool is possibly dangerous. Adware injection usually happens after clicking an advertisement somewhere on the Web. Installing AdBlock and breaking the habit of clicking bright and blinking ads on different websites will protect you from this source of malware injection.

How can I remove the trojan-miner?

Manual coin miner removal is likely impossible, despite how easy the operation looks at first sight. The trojan-downloader which injected the trojan-miner will simply restore the miner if you try to delete the .exe file. Miners that are distributed inside an adware bundle can usually recover themselves, thanks to a special module built into every such virus. To be sure that nothing excessive uses your hardware, you need to use antivirus tools.

I’d recommend using Loaris Trojan Remover. It was originally created to deal with trojan viruses, so this one will not be a problem for it.

After the installation, run Loaris and launch the full scan. It may last for 10-15 minutes, so be patient.

Scan process in Loaris

When the scan is finished, press “Apply” to delete all detected viruses. Rest assured, the trojan-miner will be wiped out, and nothing will menace your PC.

  1. More details about the benchmarks
  2. More about the trojan viruses

