top of page
Search

LoudMiner: Cross‑platform mining in cracked VST software

LoudMiner: Cross‑platform mining in cracked VST software The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS ESET Research 20 Jun 2019 - 11:00AM

Share Introduction LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine, making it cross platform. It comes bundled with pirated copies of VST software. The miner itself is based on XMRig (Monero) and uses a mining pool, thus it is impossible to retrace potential transactions. Distribution At the time of writing, there are 137 VST-related applications (42 for Windows and 95 for macOS) available on a single WordPress-based website with a domain registered on 24 August, 2018. The first application – Kontakt Native Instruments 5.7 for Windows – was uploaded on the same day. The size of the apps makes it impractical to analyze them all, but it seems safe to assume they are all Trojanized. The applications themselves are not hosted on the WordPress-based site, but on 29 external servers, which can be found in the IoCs section. The admins of the site also frequently update the applications with newer versions, making it difficult to track the very first version of the miner. Regarding the nature of the applications targeted, it is interesting to observe that their purpose is related to audio production; thus, the machines that they are installed on should have good processing power and high CPU consumption will not surprise the users. Also, these applications are usually complex, so it is not unexpected for them to be huge files. The attackers use this to their advantage to camouflage their VM images. Moreover, the decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see. Here are some examples of applications, as well as some comments you can find on the website:

  • Propellerhead Reason

  • Ableton Live

  • Sylenth1

  • Nexus

  • Reaktor 6

  • AutoTune

he story o


f a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS

10 views0 comments

Recent Posts

See All

I've dedicated considerable time and effort to crafting an exceptional collection of additive loops to enhance music composition. Soon, they'll be accessible on my website. Each loop blends creativity

As a monitor engineer working with well-known bands like Jerry Cantrell, Travis, and Hollywood Undead, I have gained insights into the distinctive roles of front of house and monitor engineers that I