"Doctor Web" reports on the spread of a new malicious program designed to extract crypto currency - mining.

Malicious received the designation Trojan. BtcMine. 1259. It attacks computers running Windows operating systems.

The main purpose of the Trojan is to use the computing resources of the infected Monero crypto currency (XMR). In addition, the malware installs the Gh0st RAT component with the backdoor functionality.

Immediately after the start, the Trojan checks whether the copy of the infected computer is running on the infected computer. Then it determines the number of processor cores, and if it is greater than or equal to the number of threads specified in the configuration, decodes and loads into memory the library stored in its body. This library is a modified version of the remote administration system with open source code, known as Gh0st RAT.

The main module, intended for Montero crypto currency extraction, is also implemented as a library. And the malicious program can use both 32-bit and 64-bit versions of the crypto-currency module.

Malware is able to use a certain number of cores and computing resources. In this case, the trojan tracks the processes running on the infected computer and when you try to start the task manager, ends its work.