LoudMiner: Cross‑platform mining in cracked VST software

The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS

ESET Research, 20 Jun 2019 - 11:00AM

Introduction

LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine, making it cross platform. It comes bundled with pirated copies of VST software. The miner itself is based on XMRig (Monero) and uses a mining pool, thus it is impossible to retrace potential transactions.

Distribution

At the time of writing, there are 137 VST-related applications (42 for Windows and 95 for macOS) available on a single WordPress-based website with a domain registered on 24 August, 2018. The first application – Kontakt Native Instruments 5.7 for Windows – was uploaded on the same day. The size of the apps makes it impractical to analyze them all, but it seems safe to assume they are all Trojanized.

The applications themselves are not hosted on the WordPress-based site, but on 29 external servers, which can be found in the IoCs section. The admins of the site also frequently update the applications with newer versions, making it difficult to track the very first version of the miner.

Regarding the nature of the applications targeted, it is interesting to observe that their purpose is related to audio production; thus, the machines that they are installed on should have good processing power and high CPU consumption will not surprise the users. Also, these applications are usually complex, so it is not unexpected for them to be huge files. The attackers use this to their advantage to camouflage their VM images. Moreover, the decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see.

Here are some examples of applications, as well as some comments you can find on the website:

  • Propellerhead Reason

  • Ableton Live

  • Sylenth1

  • Nexus

  • Reaktor 6

  • AutoTune
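
Because the VM images are camouflaged inside large application packages, a defender can sweep an installed application or download folder for files whose headers match virtual disk or boot image formats, whatever the files are named. The following is an added example, not code from the ESET report; the formats checked (qcow2, VDI, ISO 9660) and the sample file names are assumptions, since the text above does not say which image formats the miner ships.

```python
import os
import tempfile

SIGNATURES = [  # (offset, magic, label): headers of common VM disk/boot images
    (0, b"QFI\xfb", "qcow2 (QEMU)"),
    (0x40, b"\x7f\x10\xda\xbe", "VDI (VirtualBox)"),
    (0x8001, b"CD001", "ISO 9660"),
]
READ_LEN = 0x8001 + 5  # covers the deepest signature offset

def identify_image(path):
    """Return the format label if the file header matches a signature, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(READ_LEN)
    except OSError:
        return None  # unreadable file: skip it rather than abort the sweep
    for offset, magic, label in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label
    return None

def find_vm_images(root):
    """Walk root; return sorted (relative path, format) for every image found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = identify_image(full)
            if label:
                hits.append((os.path.relpath(full, root), label))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: an app folder holding two images under innocuous names."""
    res = os.path.join(root, "Plugin.app", "Resources")
    os.makedirs(res)
    samples = {
        "samples.dat": b"QFI\xfb" + b"\x00" * 64,
        "presets.bin": b"<<< disk >>>".ljust(0x40, b"\x00") + b"\x7f\x10\xda\xbe",
        "readme.txt": b"plain text, not an image",
    }
    for name, data in samples.items():
        with open(os.path.join(res, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_vm_images(tmp))
```

A hit is only a lead: legitimate software also ships disk images, so the finding matters when the package has no reason to contain a virtual machine.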
