Security experts at 360 Total Security have discovered a new modular
“Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities
Once the malware has successfully exploited a vulnerability to infect the server, it will execute a
The malware gain persistence by copying the malicious WindowsUpdate.ps1 script to the Windows Temp folder and creating an “Update service for Windows Service” scheduled task that
The final stage payload is the open source Xmrig CPU miner that allows PSMiner to mine for Monero cryptocurrency.
“Inquiring about the relevant transaction records, we found that in just two weeks, the miner accumulated a total of about 0.88 Monroe coins” concludes the report.