A new cryptocurrency-mining malware has surfaced

Sonatype has identified a new malware that can trick computers into mining for crypto

The crypto space sees new cyberattacks at least once a month, and this month is no exception. Sonatype's automated malware detection system has detected several malicious packages in the npm registry. The packages were masquerading as legitimate JavaScript libraries, but they were caught launching cryptominers on Windows, macOS and Linux machines.

Reportedly, “okhsa,” “klow,” and “klown” are the malicious packages identified as part of this new cryptocurrency-mining malware. Specialists indicated that okhsa comes in different versions, which largely contain skeleton code that starts the Calculator application on Windows machines at the preinstall stage. In addition, those versions include the malicious npm package klow or klown as a dependency. The same author is said to have published all of these packages, and the account has since been deactivated.

According to Sonatype’s security research team, klown had surfaced within hours of being removed by npm. klown was masquerading as the legitimate JavaScript library “UA-Parser-js,” a tool that helps developers extract hardware specifications (OS, CPU, browser, engine, etc.) from the HTTP “User-Agent” header.

“Packages ‘klow’ and ‘klown’ contain a cryptocurrency miner. These packages detect the current operating system at the preinstall stage, and proceed to run a .bat or .sh script depending on whether the user is running Windows or a Unix-based operating system,” explained Ali ElShakankiry, the Sonatype security researcher who was in charge of analyzing the packages. “These scripts then download an externally-hosted EXE or a Linux ELF, and execute the binary with arguments specifying the mining pool to use, the wallet to mine cryptocurrency for, and the number of CPU threads to utilize.”
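The behaviour described above (a preinstall hook, plus a malicious package pulled in as a dependency) can be checked for before anything is installed. The following is an added example, not code from Sonatype or from the packages themselves: the function names, the `HANDOFF` heuristic and the sample inputs are assumptions made for illustration, and `hasInstallScript` is the flag npm records in `package-lock.json` for packages that declare install-time scripts.

```javascript
// Added example: flag install-time hooks and the package names reported in the article.
const REPORTED = new Set(["okhsa", "klow", "klown"]);
// Lifecycle scripts that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Heuristic (assumption): hook commands that hand off to a script file or a downloader.
const HANDOFF = /\.(bat|cmd|sh|ps1)\b|\b(curl|wget|powershell|certutil)\b/i;

// Audit one parsed package.json.
function auditManifest(manifest) {
  const findings = [];
  const pkg = manifest.name || "(unnamed)";
  if (REPORTED.has(pkg)) findings.push({ pkg, rule: "reported-package" });
  for (const field of ["dependencies", "optionalDependencies", "devDependencies"]) {
    for (const dep of Object.keys(manifest[field] || {})) {
      if (REPORTED.has(dep)) findings.push({ pkg, rule: "reported-dependency", detail: dep });
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    const rule = HANDOFF.test(cmd) ? "hook-hands-off-to-script" : "install-hook";
    findings.push({ pkg, rule, detail: `${hook}: ${cmd}` });
  }
  return findings;
}

// Audit a parsed package-lock.json (lockfileVersion 2 or 3), which also covers
// transitive dependencies such as a miner pulled in by a harmless-looking parent.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // the root project itself
    const i = key.lastIndexOf("node_modules/");
    const pkg = i === -1 ? key : key.slice(i + "node_modules/".length);
    if (REPORTED.has(pkg)) findings.push({ pkg, rule: "reported-package", detail: key });
    if (meta.hasInstallScript) findings.push({ pkg, rule: "install-hook", detail: key });
  }
  return findings;
}

// Constructed sample inputs (not the real packages' contents).
const SAMPLE_MANIFEST = {
  name: "okhsa", version: "0.0.0",
  scripts: { preinstall: "start calc.exe" },
  dependencies: { klown: "*" },
};
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "my-app" },
  "node_modules/okhsa": { version: "0.0.0", hasInstallScript: true },
  "node_modules/okhsa/node_modules/klown": { version: "0.0.0", hasInstallScript: true },
  "node_modules/left-pad": { version: "1.3.0" },
} };
```

Any install hook is reported, even when the command looks harmless, because the hook can delegate to a file inside the package that picks a `.bat` or `.sh` script at run time.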
