“Jedi to Survive”: Uncovering the Hidden Trojan Miner
In the world of digital currency mining, the popular notion is that solving complex puzzles can lead to lucrative rewards. With over 100 types of digital currencies currently in existence, including Bitcoin, Litecoin, and Monero, the price of these currencies has risen rapidly in recent years. For instance, the current price of 1 Bitcoin is a staggering $14,841, equivalent to 97,140 yuan. This significant profit has attracted a large number of miners who are investing ever more computing resources in the hope of striking gold.
However, a recent discovery by Tencent PC Manager has shed light on a sinister plot. A Trojan miner, hidden inside a “Jedi to Survive” game-assist program, has been targeting users’ computers and effectively turning them into high-performance mining machines. Analysis determined that the mining Trojan, named tlMiner, has affected hundreds of thousands of user machines.
The Trojan Miner: A Closer Look
The tlMiner Trojan is embedded in the “Jedi to Survive” assist program, which is designed to help players in the game. The main program consists of the assist itself, its dependent libraries, and a whitelisted (“white-using”) file named tlwgft.dat. This file is wrapped in four layers of packing: two UPX compression layers, a simple encryption shell, and partially VM-protected code. The decryption routine is also obfuscated, which makes the file difficult to decompile.
Once the main program starts, it copies the tlwgft.dat file into the system directory, overwriting the copy in the current directory. If the copy fails, it tries, one after another, a built-in list of alternative file names that can be used. The main program then builds a PE file named mgr.exe and loads it from memory in place of tlwgfz; the PE header of this in-memory module is deliberately erased, which makes it difficult to dump from memory.
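The two static properties described above, stock UPX packing and an in-memory module whose PE header has been wiped, are both things a responder can check for when triaging a dropped file or a memory region. The following is an added example (not code from the original article or from Tencent) that parses the DOS and COFF headers of a byte string, lists its section names, and flags the default UPX section names; the sample PE-shaped byte strings are constructed inline for the demonstration and are not real tlMiner artifacts.

```python
import struct

# UPX names its sections UPX0/UPX1 by default; a repacked or renamed build
# (or a second packing layer, as this Trojan uses) will not show them until
# the outer layer has been unpacked, so absence is not proof of a clean file.
UPX_SECTION_PREFIX = b"UPX"


def build_sample_pe(section_names, size_of_optional_header=0):
    """Build a minimal, constructed PE-shaped byte string for testing.

    Only the fields the triage below reads are populated (MZ, e_lfanew,
    PE signature, NumberOfSections, SizeOfOptionalHeader, section names);
    the result is not a loadable executable.
    """
    e_lfanew = 0x40
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       size_of_optional_header, 0x0102)
    optional = bytes(size_of_optional_header)
    # Each IMAGE_SECTION_HEADER is 40 bytes; the first 8 are the name.
    table = b"".join(name.ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + table


def wipe_headers(data, length=0x200):
    """Simulate a loader that erases the headers of a module it mapped in memory."""
    return bytes(min(length, len(data))) + data[length:]


def pe_header_offset(data):
    """Return the offset of the 'PE\\0\\0' signature, or None if the headers are absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def section_names(data):
    """Read the section table and return the raw section names (bytes)."""
    pe = pe_header_offset(data)
    if pe is None:
        return []
    coff = pe + 4
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break  # truncated table: report what we could read
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage(data):
    """Summarise a file or memory region: parsable PE headers, sections, UPX marker."""
    names = section_names(data)
    return {
        "has_pe_header": pe_header_offset(data) is not None,
        "sections": names,
        "upx_packed": any(n.startswith(UPX_SECTION_PREFIX) for n in names),
    }


if __name__ == "__main__":
    packed = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"], size_of_optional_header=224)
    print("packed sample:", triage(packed))
    print("header wiped :", triage(wipe_headers(packed)))
```

A region with `has_pe_header` False but code-like content is exactly what the erased-header loading described above leaves behind; it cannot be parsed by this routine (or by most dumping tools) until the headers are reconstructed. On a sample that reports `upx_packed`, unpack it and run `triage` again, since this Trojan stacks two UPX layers under its encryption shell.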
The tlwgft file is the assist program’s main interface, responsible for secondary updates, module delivery, and running the mining Trojan. After the main program starts, it enumerates the running processes and checks them against a blacklist. If any process on that blacklist is running, the user is prompted to close or uninstall the corresponding software.
The Mining Process
The mining component is based on the open-source program ccMiner 2.0, which runs on Windows and Linux and supports various virtual currencies, including Bitcoin, HSR, and Sibcoin. The Trojan specifically mines HSR, which is currently trading at close to 200 yuan. Because a single machine’s mining output is small, the Trojan joins a mining pool at the address hcash.uupool.cn, using the worker name tlwg; the pool pays the operator in proportion to the hash power contributed.
The Spread of the Trojan Miner
Although the assist program has existed for a long time, the Trojan miner inside it is a recent addition. Its spread began on December 8 and peaked on December 20, affecting nearly 20 million machines. The assist program announced on December 22 that the Trojan had been disabled, but the profit-driven criminals behind it re-enabled both the mining and the assist functions on December 25.
Safety Recommendations
To prevent the spread of the Trojan miner and protect your system, we recommend the following safety measures:
- Turn on automatic system updates: timely patching prevents malicious Trojans from exploiting known vulnerabilities.
- Use strong passwords: weak passwords give criminals an easy way in.
- Monitor CPU usage: if you find a suspicious process consuming CPU, terminate it promptly.
- Avoid browsing untrusted sites: do not visit pornography sites or sites that security software marks as untrusted.
- Use security software: scan software with security software before running it, and use Tencent PC Manager’s mining-Trojan interception to block and remove such Trojans.
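The “monitor CPU usage” recommendation is more useful when combined with the concrete indicators from the analysis above: the dropped file names (tlwgft.dat, mgr.exe) and the pool address hcash.uupool.cn. The following is an added example (not code from the original article, from Tencent, or from ccMiner) that correlates a process snapshot with a DNS query log and ranks each process by confidence. Both inputs are constructed, simplified CSV samples; the process names, PIDs and CPU figures in them are made up for the demonstration, and only the indicator values come from the article.

```python
from dataclasses import dataclass, field

# Indicators reported in the article for tlMiner.
POOL_HOSTS = {"hcash.uupool.cn"}
DROPPED_FILES = {"tlwgft.dat", "mgr.exe"}
CPU_THRESHOLD = 80.0  # percent; assumed threshold for "sustained high CPU"

# Constructed sample: simplified process snapshot, "pid,image_name,cpu_percent".
# In practice this would come from your process telemetry (assumed format).
PROCESS_SNAPSHOT = """\
4,System,1.2
1337,chrome.exe,12.5
2048,mgr.exe,97.8
2100,assist_helper.exe,3.0
3000,render.exe,91.0
"""

# Constructed sample: simplified DNS query log, "pid,queried_name".
# The pool host shows up in name resolution, not as a process name, which is
# why a DNS source is needed alongside the process list.
DNS_LOG = """\
1337,www.example.com
2048,hcash.uupool.cn
3000,cdn.example.net
"""


@dataclass
class Finding:
    pid: int
    image: str
    confidence: str          # "high": matched a known indicator; "review": only high CPU
    reasons: list = field(default_factory=list)


def parse_processes(text):
    """Return {pid: (image_name, cpu_percent)} from the constructed CSV format."""
    procs = {}
    for line in text.strip().splitlines():
        pid, image, cpu = line.split(",")
        procs[int(pid)] = (image, float(cpu))
    return procs


def parse_dns(text):
    """Return {pid: {queried names}} from the constructed CSV format."""
    queries = {}
    for line in text.strip().splitlines():
        pid, name = line.split(",")
        queries.setdefault(int(pid), set()).add(name.strip().lower())
    return queries


def find_miner_indicators(process_text, dns_text, cpu_threshold=CPU_THRESHOLD):
    """Correlate processes with DNS queries and the known indicators.

    A match on a dropped file name or on the pool host is a high-confidence
    finding; CPU load corroborates it. High CPU on its own is only queued for
    review, because legitimate workloads (render.exe in the sample) look the same.
    """
    procs = parse_processes(process_text)
    queries = parse_dns(dns_text)
    findings = []
    for pid, (image, cpu) in procs.items():
        strong = []
        if image.lower() in DROPPED_FILES:
            strong.append(f"image name matches known dropped file {image}")
        pool_hits = queries.get(pid, set()) & POOL_HOSTS
        if pool_hits:
            strong.append("resolved mining pool host " + ", ".join(sorted(pool_hits)))
        cpu_reason = f"sustained CPU {cpu:.1f}% >= {cpu_threshold:.0f}%"
        if strong:
            reasons = strong + ([cpu_reason] if cpu >= cpu_threshold else [])
            findings.append(Finding(pid, image, "high", reasons))
        elif cpu >= cpu_threshold:
            findings.append(Finding(pid, image, "review", [cpu_reason]))
    return findings


if __name__ == "__main__":
    for f in find_miner_indicators(PROCESS_SNAPSHOT, DNS_LOG):
        print(f"pid {f.pid} {f.image}: {f.confidence} - " + "; ".join(f.reasons))
```

Running the sample flags mgr.exe (PID 2048) as high confidence on three grounds and lists render.exe only for review. To use this on real data, swap the two parsers for whatever your process and DNS telemetry emit; the correlation logic itself does not depend on the sample format.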
By following these safety recommendations, you can protect your system from the “Jedi to Survive” Trojan miner and keep it from turning your computer into someone else’s mining machine.