Cryptojacking malware comes in all shapes and sizes, but a brand-new strain that was only discovered in the wild back in February will make you sick to your stomach. Plurox was found in February by Kaspersky Lab, and its features are incredibly powerful.
In its current form, Plurox comes with 8 different cryptocurrency mining plugins that the attacker can deploy, meaning your computer's antivirus software stands no chance. It's the scariest malware we've seen in a while, and you would be right to be afraid.
How Dangerous is Plurox?
On a scale of 1 to 10, we would say it's a solid 10 in terms of danger: hackers are going to turn your computer into a drive-through for bad actors. The main purpose of Plurox is cryptocurrency mining, but it also comes equipped with an NSA-grade backdoor into machines, meaning everything on your computer is at risk.
Once the target machine has been infected (this could be via a fake download or by injecting the malware into a genuine app), the Plurox code contacts a C&C server to retrieve instructions and begins downloading the required plugins. There are dozens of different plugins for Plurox, meaning that you could be attacked specifically based on your hardware and software configuration.
Mining Cryptos Effectively
Plurox's main goal is to mine cryptos, and it does so with the precision and care of a professional crypto mining outfit. Before downloading a crypto mining plugin from its C&C server, the initial package assesses your hardware configuration to see which cryptocurrency would be the most profitable to mine. From there, it downloads the plugin for the most profitable cryptocurrency and puts your hardware to work.
Plurox is designed to mine as much crypto as fast as it can, so hitting individual users is less than ideal. To help it spread through networks effectively, and in turn mine the most cryptocurrency, it uses an NSA backdoor plugin that creates port forwarding rules into the local network. This is essentially a tunnel into enterprise networks that bypasses security features and firewalls. A whole company could be infected in a matter of seconds, so keeping an eye out for Plurox is vital.
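The port forwarding rules described above are the kind of thing a defender can audit from the gateway side. The following is an added example, not code from the original post or from Kaspersky's analysis; it assumes (the post does not say how the rules are created) that they appear as UPnP IGD port mappings, which a gateway reports through successive GetGenericPortMappingEntry calls. The SOAP responses below are constructed sample data, and the script parses them and flags any enabled mapping that exposes a sensitive internal port or carries no description.

```python
"""Audit UPnP IGD port mappings for rules that expose internal hosts.

Added example (not from the post). Assumption: the forwarding rules are
UPnP IGD port mappings. The SOAP responses are constructed sample data.
"""
import xml.etree.ElementTree as ET

# Internal ports a gateway mapping should never expose to the internet:
# MS-RPC, NetBIOS, SMB, SSH, RDP and WinRM are all lateral-movement surface.
SENSITIVE_INTERNAL_PORTS = {22, 135, 137, 138, 139, 445, 3389, 5985, 5986}


def _constructed_response(external, proto, internal, client, description):
    """Build a constructed GetGenericPortMappingEntry response for the sample set."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
  s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost></NewRemoteHost>
      <NewExternalPort>{external}</NewExternalPort>
      <NewProtocol>{proto}</NewProtocol>
      <NewInternalPort>{internal}</NewInternalPort>
      <NewInternalClient>{client}</NewInternalClient>
      <NewEnabled>1</NewEnabled>
      <NewPortMappingDescription>{description}</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>"""


# Constructed sample: one legitimate VPN mapping, then two unlabelled mappings
# that forward internet-facing ports to SMB and MS-RPC on an internal host.
SAMPLE_RESPONSES = [
    _constructed_response(51820, "UDP", 51820, "192.168.1.10", "wireguard-vpn"),
    _constructed_response(5447, "TCP", 445, "192.168.1.23", ""),
    _constructed_response(5448, "TCP", 135, "192.168.1.23", ""),
]


def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntry SOAP response."""
    root = ET.fromstring(soap_xml)

    def text(tag):
        # The New* fields are unprefixed and carry no namespace, so a bare
        # tag name matches; empty elements have text None.
        node = root.find(f".//{tag}")
        return (node.text or "").strip() if node is not None else ""

    return {
        "remote_host": text("NewRemoteHost"),
        "external_port": int(text("NewExternalPort")),
        "protocol": text("NewProtocol"),
        "internal_port": int(text("NewInternalPort")),
        "internal_client": text("NewInternalClient"),
        "enabled": text("NewEnabled") == "1",
        "description": text("NewPortMappingDescription"),
    }


def classify(mapping):
    """Return the list of reasons a mapping looks suspicious (empty if clean)."""
    reasons = []
    if mapping["internal_port"] in SENSITIVE_INTERNAL_PORTS:
        reasons.append(
            f"exposes internal port {mapping['internal_port']} "
            f"on {mapping['internal_client']} via external {mapping['protocol']}/"
            f"{mapping['external_port']}"
        )
    if not mapping["description"]:
        reasons.append("no description (legitimate applications usually label their mappings)")
    return reasons


def suspicious_mappings(responses):
    """Parse each response and return (mapping, reasons) for enabled suspicious rules."""
    findings = []
    for soap_xml in responses:
        mapping = parse_mapping(soap_xml)
        if not mapping["enabled"]:
            continue
        reasons = classify(mapping)
        if reasons:
            findings.append((mapping, reasons))
    return findings


if __name__ == "__main__":
    for mapping, reasons in suspicious_mappings(SAMPLE_RESPONSES):
        print(f"SUSPICIOUS {mapping['protocol']}/{mapping['external_port']} -> "
              f"{mapping['internal_client']}:{mapping['internal_port']}")
        for reason in reasons:
            print(f"  - {reason}")
```

On a real network the responses would come from the gateway's WANIPConnection control URL rather than from the constructed list; the parsing and classification stay the same, and a mapping that lands an internet-facing port on SMB or MS-RPC of an internal host is worth treating as an incident rather than a misconfiguration.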
If you want to keep yourself safe from Plurox, the best course of action is to avoid downloading files from untrusted sources. Only download apps and programs directly from the developer, and verify the PGP signature before installation. If you're on a network with other users, try to air gap where possible; who knows how crazy Susan from accounts is.