Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
2021-03-10 21:44

At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer.

Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and the OpenDNS service.

The malware, disguised as an application called "AdShield Pro," looks and acts like a Windows version of the legitimate AdShield mobile ad blocker and also impersonates the OpenDNS service, the Kaspersky report explained.

"To ensure the continuous operation of the miner, a servicecheck XX task is created in Windows Task Scheduler, where XX are random numbers," the report added.
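A hunting check for the scheduled-task persistence quoted above, added here as an example and not taken from the Kaspersky report or the original article. It parses the output of `schtasks /query /fo csv /v`; the separator before the digits is an assumption (the quote does not state one), and the host name, paths and trimmed column set in the sample are constructed.

```python
import csv
import io
import re

# Assumption: the report writes the name as "servicecheck XX" without stating
# the separator, so a space, "_", "-" or no separator before the digits all match.
TASK_NAME = re.compile(r"^servicecheck[ _-]?\d+$", re.IGNORECASE)

def find_servicecheck_tasks(schtasks_csv):
    """Return unique (host, task path, command) tuples for matching tasks.

    Input is the text produced by `schtasks /query /fo csv /v`.
    """
    header = None
    hits = []
    for row in csv.reader(io.StringIO(schtasks_csv)):
        if not row:
            continue
        if "TaskName" in row:
            # schtasks repeats the header row for every task folder.
            header = row
            continue
        if header is None or len(row) != len(header):
            continue  # stray or truncated line
        rec = dict(zip(header, row))
        # TaskName is a full path such as \Folder\name; match on the leaf only.
        leaf = rec["TaskName"].rsplit("\\", 1)[-1]
        hit = (rec.get("HostName", ""), rec["TaskName"], rec.get("Task To Run", ""))
        # Verbose output lists a task once per trigger, so drop duplicates.
        if TASK_NAME.match(leaf) and hit not in hits:
            hits.append(hit)
    return hits

# Constructed sample: trimmed columns, placeholder host and paths.
SAMPLE = r'''"HostName","TaskName","Status","Task To Run"
"WS-01","\servicecheck_57","Ready","C:\Users\Public\placeholder.exe"
"WS-01","\servicecheck_57","Ready","C:\Users\Public\placeholder.exe"
"WS-01","\ServiceCheckup","Ready","C:\Program Files\Vendor\checkup.exe"
"HostName","TaskName","Status","Task To Run"
"WS-01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","defrag.exe -c"
'''

if __name__ == "__main__":
    for host, task, command in find_servicecheck_tasks(SAMPLE):
        print(f"{host}: {task} -> {command}")
```

A match is a lead to triage, not a verdict: check the binary behind "Task To Run" before acting on it.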

These attacks appear to be part of an earlier Monero Miner campaign first detected by Avast in August, which disguised the Monero ransominer bug as a Malwarebytes antivirus installer, researchers said.

To avoid the infection in the first place, users should download software only from legitimate sources and avoid pirated versions.


News URL

https://threatpost.com/fake-ad-blocker-cryptominer-ransomware/164669/