GPU Miner Being Installed By Andy OS Android Emulator

by Harikrishna Mekala

A Reddit post reported that a GPU miner is being installed along with a popular Android OS emulator application named Andy OS. A Reddit user named TopWire stated that the GPU miner uses the graphics processing unit to mine cryptocurrency. The post also stated that Andy was installing a GPU miner Trojan without the user's consent. The miner is installed at C:\Program Files (x86)\Updater\updater.exe and uses the GPU on the user's computer. The post stated that the team has been trying to bring this to users' attention by using a Facebook user group to publicize the miner, and has been repeatedly kicked out each time.

When the current Andy executable was downloaded and tested, it was found to use an adware bundler for its installer, which can be used to perform additional installs without the user's consent.

VirusTotal reported that the Andy installer is being detected as a core module in the installer, which is also known as an adware installer. Free software employs these techniques to generate revenue each time a user installs the program. The current Andy installer presented offers for Avast, the Search Manager Chrome extension and WinZip.

Even after the user declined every offer, the miner was still installed on the user's computer without permission. The updater.exe file is clearly detected as a miner, and the updater.exe posted on Reddit has been clearly detected as a graphics card miner.

{"id":%llu,"jsonrpc":"2.0","method":"submit","params":{"id":"%s"
Unauthenticated
[0m
,"job_id":"%s","nonce":"%s","result":"%s","inst_date":"%s","userID":"%s"}}
[31m
[33m
job_id
[01;37m
target
job
[01;30m
blob
coin
coin
variant
variant
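
The strings listed above are the fields a miner uses to submit work over JSON-RPC (a "submit" template plus job fields). As an added example, not code from the original report or from Andy OS, this Python script extracts ASCII and UTF-16LE strings from a binary and flags that combination; the sample buffers and the three-field threshold are constructed assumptions.

```python
import re

# Protocol fields taken from the strings listed above.
SUBMIT = b'"method":"submit"'
JOB_FIELDS = [b"job_id", b"nonce", b"blob", b"target", b"variant", b"coin"]

def printable_strings(data, min_len=4):
    """Return ASCII and UTF-16LE printable runs (Windows binaries often hold both)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    # Drop the interleaved NUL bytes so wide strings compare like ASCII ones.
    return ascii_runs + [w[::2] for w in wide_runs]

def miner_markers(data):
    """Return the sorted set of mining-protocol markers present in the buffer."""
    found = set()
    for s in printable_strings(data):
        for marker in [SUBMIT] + JOB_FIELDS:
            if marker in s:
                found.add(marker.decode())
    return sorted(found)

def looks_like_miner(data, min_fields=3):
    """Flag a share-submit template plus at least min_fields job fields.

    min_fields is an assumed threshold: single words such as "target" or
    "coin" appear in plenty of unrelated software.
    """
    found = miner_markers(data)
    fields = [m for m in found if m != SUBMIT.decode()]
    return SUBMIT.decode() in found and len(fields) >= min_fields

# Constructed sample buffers (not bytes from the real updater.exe).
SUSPECT = (b"\x00\x01MZ\x90"
           b'{"id":%llu,"jsonrpc":"2.0","method":"submit","params":{"id":"%s"\x00'
           b',"job_id":"%s","nonce":"%s","result":"%s"}}\x00\x1b[31m\x00\x01'
           + "blob".encode("utf-16-le")
           + b"\x00\x00\xff\xfevariant\x00target\x00")
BENIGN = b'\x7fELF\x00{"jsonrpc":"2.0","method":"getStatus"}\x00target\x00coin\x00'

if __name__ == "__main__":
    for name, buf in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, looks_like_miner(buf), miner_markers(buf))
```

To triage a real file, pass `open(path, "rb").read()` to `looks_like_miner`; a hit is a reason to inspect the binary further, not a verdict on its own.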

The Andy installer launches a file named GoogleUpdate.exe, which in turn launches a program called UpdaterSetup.exe. That program installs Updater.exe and configures the victim's PC automatically. The GoogleUpdate.exe file is officially signed by “Andy OS Inc”, which shows that the file actually belongs to Andy OS Inc.

 

The video above shows how Andy OS uses the victim's PC to mine cryptocurrency.
