It has been a while since a new type of bitcoin mining malware has surfaced. Unfortunately, it appears criminals are exploring this option once again. The WindowsTime.exe bitcoin miner is a Trojan Horse utilizing computer resources to mine bitcoin on behalf of the assailant. Given bitcoin’s recent price increase, it was only to be expected malicious bitcoin miner software would surface once again.
The WindowsTime Trojan Is Nasty Business
As most people are well aware of by now, malicious bitcoin mining software uses victims’ computer resources to generate bitcoins. Over the past few years, there have been multiple iterations of bitcoin malware, all of which were somewhat successful in their own right. It remains to be seen if WindowsTime.exe will be successful as well, though.
One thing this Trojan has working in its favor is how it no longer only utilizes the computer CPU to mine bitcoin. Instead, WindowsTime.exe makes use of the computer’s graphics card, which should – in theory – lead to more earnings on behalf of these criminals. Using regular computer hardware to mine bitcoin is anything but profitable, though. Then again, criminals can use other people’s hardware – and electricity – to do so when deploying this Trojan.
The WindowsTime Miner operates once the open-source Python PyOpenCL bitcoin miner is installed. Additionally, the payload will install multiple executables into a directory on the computer’s hard drive. Once this process is completed, the WindowsTime executable file will be launched, which launches an extra executable file going by the name of TimeServer.exe. It is this latter process that effectively performs the bitcoin mining task, which will quickly clog up computer resources.
What makes this Trojan so dangerous is how most “average” computer users will not necessarily notice something is amiss. Since the Trojan uses next to no CPU resources, the computer user will notice no significant slow down when completing day-to-day tasks. Previous iterations of bitcoin mining malware relied on using CPU resources, which made them more prone to discovery. WindowsTime on the other hand, will cause the computer’s graphics card to work overtime, and generate a lot of heat and noise in the process.
The bigger question is how criminals are actively distributing the WindowsTime Trojan to victims all over the world. For the time being, security researchers are uncertain as to how this bitcoin mining Trojan is distributed right now. In the past bitcoin mining malware was found in malicious torrent downloads and pirated software. It is not unlikely criminals are using this distribution model to this very day, though.
Thankfully, there is a thorough guide on the BleepingComputer website which allows victims to get rid of WindowsTime, although the process is anything but easy. There are quite a few steps involved in the process, although anyone who already uses an anti-malware software solution should be relatively safe from harm. It is evident criminals have been keeping an eye on the recent bitcoin price increase before deploying this mining Trojan.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
