Monero mining malware targets music production pirates

A new malicious cryptocurrency mining script has been uncovered by security researchers, specifically targeting people downloading cracked music production software.

The mining script, known as LoudMiner, is multi-platform, and hijacks user resources to mine for Monero. The malware has been reported to have been in circulation since August 2018, with a spike in activity in recent months.

According to security researchers at ESET, who first uncovered the Monero malware, the script has been appearing in pirated versions of VST software in recent weeks.

An industry-leading application, the hack has the potential to affect a significant number of those attempting to download the software illegally.

“LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software—QEMU on macOS and VirtualBox on Windows—to mine cryptocurrency on a Tiny Core Linux virtual machine, making it cross platform,” the researchers said. “It comes bundled with pirated copies of VST software. The miner itself is based on XMRig (Monero) and uses a mining pool, thus it is impossible to retrace potential transactions.”

Affecting both Mac and Windows systems, the script hijacks user resources to mine for Monero, running significant processing resources and energy costs on unsuspecting victims.

Targeting audio production software would potentially allow the script to run undetected, with audio production already a CPU-intensive process. Additionally, according to the researchers, audio production systems often have greater system resources available, and tend to run higher end hardware.

As many as four variations of the script have been uncovered, though it remains unclear how much the hackers might have made from the scam.

The malware installs itself at a root level on the host system, and automatically reloads on system restart, making it difficult to remove. Some victims have even reported reinstalling their operating system in order to remove the malware.

The malware is the latest example of malicious crypto mining scripts being planted in software. Previously, hackers managed to sneak malicious code into updates for Adobe Flash, and there have even been reports of malware in Windows OS updates.

The researchers at ESET suggested that the best advice was to avoid downloading torrents and cracked versions of software. In any event, they urged users to monitor CPU usage and start-up processes, in order to avoid falling victim to this type of cryptojacking malware.