Researchers at Israel-based cybersecurity firm Check Point Software Technologies (NASDAQ:CHKP) say that a relatively new form of crypto mining malware, dubbed KingMiner, is “evolving.”
In a research note on Thursday, the firm's Ido Solomon and Adi Ikan said that KingMiner, a monero mining malware that first appeared about six months ago, is changing through time to avoid detection – even replacing older versions of itself that it encounters on host machines.
The researchers said:
“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation.”As a result of these tactics, the malware is also being detected by security systems at "significantly" reduced rates.