New Rakhni Coin Miner Virus – Chooses Mining or Ransomware Infection


A new form of malware combining the two most prominent threats out there, cryptocurrency mining and ransomware, has been detected. It checks which type of virus is the appropriate one to install on your PC and then installs either the ransomware or the miner.

The new coin miner malware is interesting in that it infects your computer silently via an .exe file that pretends to be a plugin for Adobe Reader.

The malware, which is written in Delphi, installs the Rakhni Trojan on the victim’s computer, which is basically the executable file. But the .exe file is not downloaded directly onto the victim’s PC. The Rakhni virus is first spread through phishing e-mails that distribute it in the form of a fake Microsoft Word document containing malicious macros. This type of attack is often used by malware, and to briefly explain how it works, we have created the following graphic of activities:

What Does Rakhni Malware Do?

Once installed on your computer, the malicious executable displays a fake error message box, which tricks you, the victim, into believing that your computer has suffered some kind of malfunction resulting in a system error. In the background, however, the Rakhni malware checks whether it is running on a virtual drive rather than an actual computer system, and if it is, the virus shuts down and deletes its payload. The same is done if the virus is running in a sandbox environment.

If not, however, the headache for victims begins, as the Rakhni virus initiates a scan of the victim’s computer. This scan looks for the following specific parameters:

  • If your PC has a BitCoin folder in the %AppData% directory.
  • If your computer system has dual-core or higher processing power, but does not have a BitCoin folder (Read more...)

