Cryptocurrency-mining Trojan found in pirated music software
Malware embedded in cracked music software package
Software piracy is alive and well, and music “warez” are no exception. While software pirates have never been strangers to malicious surprises hiding in their .rars and .isos, this may be the first time malware has been aimed specifically at outlaw music producers.
Researchers at ESET Antivirus published an article exposing LoudMiner – a cryptocurrency-mining Trojan embedded exclusively in pirated music software. Researchers cited 137 examples, 42 of them being for Windows and 95 for macOS. Among them are well-known products such as Kontakt 5.7, Reason, Live, Sylenth 1, Nexus, and AutoTune. The cracked packages have been made available for download on an inconspicuous blog with torrent files and links.
Music software, with added malware
ESET speculates that LoudMiner’s developers chose music software pirates as their target because such users can be assumed to own powerful computers and to be used to downloading large files and running CPU-intensive applications. A crypto miner’s presence and activity can be easily masked under these circumstances – although many users on forums noticed the increased CPU usage and, in the task manager, the presence of processes they had inadvertently installed. Furthermore, music software tends to be pricey and remains sought after by pirates, despite quarterly sales, subscription and rent-to-own plans providing affordable access to many high-profile products.
LoudMiner has been in circulation since August 2018. It uses virtualization software to mine cryptocurrency on a Tiny Core Linux virtual machine. The installation of the virtual machine software is disguised as a normal part of the software install procedure. You can read more about the Trojan and a description of its exact functionality under macOS and Windows at WeLiveSecurity.com.