A potentially unwanted program (PUP) is found to be secretly mining Bitcoins.
Bitcoins are now valued at roughly $1,000 per coin. So, reports of sneaky bitcoin mining schemes are not at all surprising. But a new elusive Bitcoin mining method uncovered by security software company, Malwarebytes, is taking things to a whole new level.
Malwarebytes first encountered the scheme when a customer complained about a file that took up 50 percent of system resource. The file, named jh1d.exe, was found to be the Bitcoin miner "jhProtominer" - a mining software running via the command line.
Upon close examination, Malwarebytes discovered that it was installed and reinstalled by a parent process called "monitor.exe," which was later found to be developed by a company called We Build Toolbars LLC a.k.a. Mutual Public, which owns a product known as "Your Free Proxy." It was also found that the "Your Free Proxy" program is using "monitor.exe."
According to Adam Kujawa of Malwarebytes, "monitor.exe" was stored on an Amazon cloud server and also contained additional files such as silent installers and, in particular, a folder named "coin-miner."
"Monitor.exe beacons out constantly, waiting for commands from a remote server, eventually downloading the miner and installing it on the system," says Kujawa.
Even more interesting is the program's EULA (End user license agreement), which states: "As part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security. Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates."
Kujawa adds that if your PC is running slow, or if a process is taking up huge amounts of processing power, it could be a malware or, possibly, a Bitcoin mining software.