POWERFUL PCS AND MACS used by audio creation types are being targeted by Linux cryptocurrency miners that use virtual machines to run on Windows and macOS.
Security firm ESET discovered what it has dubbed LoudMiner malware, which uses virtualisation software - VirtualBox on Windows and QEMU on macOS - to run a Linux XMRig cryptocurrency coin miner on infected machines through the use of a Tiny Core Linux virtual machine.
As professional audio wrangling types tend to make use of virtual studio technology (VST) software suites which require a decent amount of compute power to run effectively, they tend to have powerful machines at their fingertips. For cryptocurrency coin mining, more power equals more calculations that can be crunched and thus more coins that can be mined.
As such, ESET noted that LoudMiner seems to be targeting these machines because of their high performance and because high CPU usage is common on them, so the crypto miner syphoning off CPU power can do so without triggering immediate suspicion.
"Moreover, the decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see," explained Michal Malik, a detection engineer at ESET.
The mining malware has been distributed through a website controlled by the attacker and has been found lurking in cracked copies of VST software such as Propellerhead, Ableton Live, AutoTune and Reaktor, for Windows and macOS. There's probably a lesson in there somewhere about using dodgy cracked software, but we won't preach it to you.
Malik noted that ESET has found several examples of the malware being used out in the wild, causing CPUs to max out. The researcher did say a few things could be done to detect when LoudMiner was running on a PC, but he did lead by noting that perhaps people shouldn't pirate software in the first place.
"Obviously, the best advice to be protected against this kind of threat is to not download pirated copies of commercial software," explained Malik.
Nevertheless, LoudMiner at least gives an insight into quite a clever cryptojacking technique, and one any tech-centric audio professionals might want to keep an eye out for. µ