LoudMiner uses virtualization software to mine cryptocurrency

ESET researchers have discovered an unusual cross-platform cryptocurrency miner called LoudMiner.

LoudMiner uses virtualization software – QEMU (short for Quick Emulator) on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine.

LoudMiner comes bundled in pirated copies of VST (Virtual Studio Technology) software; VST is a type of audio software plugin interface. Once installed, LoudMiner uses the compromised machines to mine cryptocurrency, and it self-updates over SCP (Secure File Copy) using an embedded username and private SSH key.

“LoudMiner targets audio applications, given the machines running these applications often have a higher processing power,” says Marc-Etienne Léveillé, senior malware researcher at ESET. “These applications are typically complex and have a high CPU consumption, so users will not find this activity unusual. Using virtual machines instead of another leaner solution is quite remarkable, and is not something we have typically seen before.”

ESET has observed that LoudMiner has been in use since August 2018.