Updated on July 18, 2019.
Earlier this year, researchers found a modular back door.
Distributed cryptocurrencies One in eight different infected systems
Malicious plugins use the UPnP and SMB protocols instead.
Kaspersky writes that the malware is written in C and compiled with Mingw GCC. The malicious program, called Plurox, was discovered in February last year.
Faith identifies the back door when it is in the test phase.
Plurox communicates with the C2 server and receives commands.
The TCP protocol is part of the process to check if it is dangerous.
Second) plug to insert the infected device
Kaspersky Blog on June 18 (written by researcher Anton Kuzmenko)
Kaspersky noted that it noticed two subtypes during the inspection
Cars. Previously, only cryptocurrencies were purchased
These have been replaced by miners and old equipment used to transport around the world
Internet server protocol and restrictions
Easy access from Kaspersky AutoProc, AutoCoda,
Auto_miner, auto_pink_amd, auto_gpu_intel, auto_gpu_nvidia,
Auto_gpu_coda and auto_gpu_amd. Malware reports on server C2
Install the victim and install it
The details of each of the eight low-level workers they carry.
The main goal of the UPnP and SMB plugins is to access a network of interfering devices.
Kuzmenko writes that it spreads like a worm. Kaspersky notes that the UPnP add-on is excellent for NSA EternalSilence.
The SMB plugin already uses EternalBlue, the exploit by the NSA, to distribute the malware.