New Malware uses PC Power to Make Cash

John Lister's picture

Hackers could use your computer to literally make money. That's thanks to an unusual malware attack that doesn't involve any files, making it harder to detect.

The "Coinminer malware" takes advantage of a Windows and browser bug nicknamed Eternal Blue. That's the same bug that was exploited in several high-profile ransomware attacks recently. While Microsoft has issued updates, it seems some users haven't installed the security patches.

Malware Runs Inside Memory

One big problem with the Coinminer malware is that it works in the computer's memory, rather than as a file or program in its own right. This makes it much harder to find through computer scans that check through the files of a drive at scheduled intervals and look for ones which match a list of known rogue files. (Source:

The other unusual element of Coinminer is how it is used. Unlike many malware examples, it's not about accessing data on the victim's machine or about acting as a weapon to attack other computers.

Instead, it installs and runs software for what's known as "cryoptocurrency mining." Cryptocurrency, the best known example of which is Bitcoin, is a virtual currency that exists only online. It works by computers working together to create and maintain a record of every transaction made using the currency. This removes the need for banks and makes it hard, if not impossible, to 'steal' money.

Criminals Make Cash From Your PC's Work

The process of computers adding and verifying entries in the record is known as "mining." The workload is spread across all the computers, with users rewarded by being paid in units of the cryptocurrency. This is also how the 'money supply' grows at a controlled rate to reduce the risk of inflation.

Coinminer works by hijacking the resources of victim computers for this mining, with the criminals collecting the bonus currency units, which they can then sell online in exchange for real world cash. In other words, the malware is not only using a computer's processing power - drastically affecting performance - but earning cash for the criminals. If left undetected, it will end up creating a larger energy bill as well.

For the average home user, the best response to Coinminer is to confirm that all Windows security updates have been installed and to run a scan of the computer for malware on a regular basis. (Source:

What's Your Opinion?

Do you have Windows security updates set to automatically download and install? What security software do you use? Do you have real-time scanning switched on or do you find this affects performance?

Rate this article: 
Average: 4.6 (5 votes)


Dennis Faas's picture

This malware is similar to other malware I've seen on Windows Server 2003 systems that aren't patched. Hackers like to go after server systems because they usually contain beefier hardware, which means more CPU cycles can be used to mine. The only difference is that this malware runs resident in memory and doesn't contain an executable file. Either way, if you become infected - it will slow your computer down to a crawl. On the system that I experienced this issue with, it took a minute in between clicks to get anything done. It was extremely painful.

wysetech2000_6856's picture

Hey Dennis. I have Windows update set to download and to install manually om Windows 7. I have Eset Nod32 and Malwarebytes running in the background. I tried with them active and turned off. I see no difference in performance.