Linux Cryptominer Uses Virtual Machines to Attack Windows, macOS
bleepingcomputer | June 20, 2019
A new cryptocurrency mining malware dubbed LoudMiner uses virtualization software to deploy a Linux XMRig coinminer variant on Windows and macOS systems via a Tiny Core Linux virtual machine.The malware comes bundled within cracked copies Windows and macOS VST software such as Propellerhead Reason, Ableton Live, Sylenth1, Nexus, Reaktor, and AutoTune.
LoudMiner is distributed via an attacker-controlled website which currently links to 137 VST-related apps, 42 of them for Windows and 95 for the macOS platform, all of them frequently updated and hosted on 29 servers, as discovered by ESET Research's detection engineer Michal Malik.