Hackers modify ransomware to deliver a Coinhive cryptocurrency-mining payload

Trend Micro recently discovered that hackers repurposed the XiaoBa ransomware to carry a cryptocurrency miner payload. Typically, XiaoBa infects a PC, encrypts its files, and holds those files hostage until the victim delivers a payment to hackers. But in this case, the new payload injects the Coinhive mining script into HTM and HTML files used by the infected PC. 

Coinhive is a JavaScript-based component that is injected into webpages. It uses a visiting PC’s processor to mine digital coins in the background although computers take a noticeable performance hit during the process. Typically, the mining ends once you leave the Coinhive-infested page, bringing your processor’s performance back up to speed. But Coinhive can also secretly reside in browser extensions, making an escape from the grueling process impossible while the browser remains open. 

The new XiaoBa variant appears to have a worm-style component, meaning it could spread from PC to PC connected to a local network, thus increasing the hackers’ financial gains. But that is not the worst-case scenario: This variant is also highly destructive. The revised code infects legitimate binary files (exe, com, scr, pif) to deliver the payload but destroys these files in the process. 

“The malware will prepend itself to any file with the above extension,” the security firm states. “That is the only criteria checked before infection, unlike other malware that typically look for certain conditions or markers before infecting the file. It also traverses all directories. It will not avoid critical system files and can render the system critically unstable if it is not dealt with properly.” 

Trend Micro says the malware infects files of all sizes and does not leave any markers on the infected file, allowing for multiple infections — 10 as shown in one example — on a single PC. Thus, not only is the processor bogged down from the mining aspect, but the “stacked” infections consume large amounts of memory and likely a big chunk of disk space, too. 

Trend Micro currently knows of only two versions of the XiaoBa variant, both of which carry the Coinhive payload. Both will disable Windows User Account Control notifications while only one deletes Norton Ghost images, disk media images (ISO), and blocks access to anti-virus and forensic-related websites. Presumably, both inject the Coinhive script into webpages as they are downloaded and cached locally on the PC’s storage device. 

What is not clear is how PCs obtain the XiaoBa variants in the first place. Malware is typically spread through email and social network scams, requiring victims to click a link that downloads the malicious file. According to Trend Micro, one of the two variants propagates by using removable drives, like a USB-based storage stick.  

XiaoBa was first reported by MalwareHunter Team at the end of 2017. Once it lands on a PC, it disguises itself as system files, disables the firewall, and blocks security-focused websites. It also modifies the PC’s registry and allows other viruses to infect the system. That doesn’t even cover the ransomware aspect, which encrypts files until victims pay a ransom. 


Nvidia’s A.I. Playground lets you edit photos, experience deep learning research

Nvidia is making it easier to access information on deep learning research. It has launched an online space with three demos for image editing, styling, as well as photorealistic image synthesis. 

Dodge the cryptojackers with the best torrent clients available today

Looking for the best torrent clients to help you share all of that wonderful legal content you own? Here's a list of our favorite torrent clients, all packed with great features while dodging malware and adverts.
Movies & TV

The best movies on Amazon Prime right now (March 2019)

Prime Video provides subscribers with access to a host of fantastic films, but sorting through the catalog can be an undertaking. Luckily, we've done the work for you. Here are the best movies on Amazon Prime Video right now.
Movies & TV

The best shows on Netflix right now (March 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.

These are the 6 best -- and free -- antivirus apps to help protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Amazon and Nvidia bring artificial intelligence to the cloud with T4 GPUs

Nvidia announced the availability of new mainstream servers optimized to run the company's latest T4 GPUs with Turning architecture. Amazon jumped on board immediately, announcing that new AWS EC2 G4 instances will offer the technology.

Netgear’s new Nighthawk Tri-band AX12 router brings Wi-Fi 6 speeds to the masses

Available in May for $600, the Nighthawk Tri-band AX12 router allows for maximum Wi-Fi performance on smart home devices and offers everything needed for gaming, streaming, and other high-bandwidth applications. 

Calibrate your display to get it looking just the way you like it

Want to see images the way they're intended to be seen? Here is our quick guide on how to calibrate your monitor using your operating system or another tool, to make what's on the screen look as good as it can.

How to change your Gmail password in just a few quick steps

Regularly updating your passwords is a good way to stay secure online, but each site and service has their own way of doing it. Here's a quick guide on how to change your Gmail password in a few short steps.

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.
Home Theater

Smart speakers are about to get an IQ bump thanks to new Qualcomm chips

Qualcomm announced a new chipset that is designed to make the next generation of smart speakers sound, listen, and connect better than ever before, and it could soon be in your living room.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or operating system.