MENU

ACG-CYBER SECURITY BULLETIN NO 129 UNDERSTANDING THE RISK OF COINMINER VIRUS

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

CoinMiner is considered to be a virus, a type of malware that is designed to create havoc in the computer. A CoinMiner infection can be as harmless as showing annoying messages on your screen or as vicious as disabling the computer altogether.  Regardless of the virus' behavior, the primary objective of computer hackers who program viruses such as CoinMiner is to delete, destroy or steal data.

CoinMiner are software programs that infect the computer to disrupt its normal functioning without the computer user’s knowledge. Typically, a virus gains entry on the computer as an isolated piece of executable code or by through bundling/piggybacking with other software programs.

Once the CoinMiner gains entry into the computer thru downloads from questionable websites, infected email attachments, external media such as pen drive, DVD, and memory card already infected with CoinMiner, fake updates that trick in installing and infected documents circulating on peer-to-peer (P2P) file sharing networks and torrent sites.

The symptoms of infection can vary depending on the type of virus. Some viruses can keep adding shortcuts of other programs on the desktop, while others can start running unwanted programs, also referred as “PUP” (Potentially Unwanted Programs) to intentionally slow down the computer.

There are also more harmful viruses that present the infamous “blue screen of death”, a critical system error that forces you to keep restarting your computer. Viruses like CoinMiner can even delete the important files and folders.

The main reasons for computer infections are poor knowledge and careless behavior.  The key to safety is caution. Therefore, carefully analyze each window of the download/installation dialogs and opt-out of all additionally-included programs. We also strongly recommend that you download your software from official sources only and, preferably, using a direct download links. Intrusive ads often look legitimate, however, they redirect to dubious websites (gambling, pornography, etc.) If you experience these redirects, uninstall all suspicious programs/browser add-ons.

RECOMMENDATION

All PNP personnel as well as the public are advised to follow the tips in order to avoid the risk of CoinMiner Virus, to wit:

  • Always update the anti-virus software installed in your computer and conduct regular full scanning at least once a week;
  • Enable pop-up blocker;
  • Remove malicious add-ons from Internet Explorer, plug-ins from Google Chrome and rogue extensions from Mozilla Firefox;
  • Do not open e-mail attachments or hyperlinks you receive from an unknown sender or they could contain malware;
  • Remove rogue plug-ins from Microsoft Edge; and
  • Be cautious about unsolicited attachments.

For additional information, please refer to the following websites:

  • https://www.pcrisk.com/removal-guides/12088-coinminer-malware
  • https://www.solvusoft.com/en/malware/viruses/coinminer/
  • https://sensorstechforum.com/coin-miner-virus-detect-remove/

POINT OF CONTACT

            Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.