XMRig miner abuses non-trivial solutions to evade the protection systems

The XMRig miner first emerged in August this year, using an unconventional attack method: a common Trojan detected as Trojan.Win32.Generic was run, installed admin programs, added a new user, and reopened RDP to give the attacker access to the computer. That was followed by the launch of Ransom.Win32.Crusis, which would download the XMRig miner downloader. The other curious method that was spotted alongside the XMRig miner, in February this year, was the Prometei backdoor, which was distributed through brute-force attacks. The whole attack is carried out in automatic mode.
