IT security specialists ESET has identified an unusual new cryptocurrency miner, known as LoudMiner, that utilises virtualisation to infect the machines of unsuspecting users.

Described by ESET as “an unusual case” LoudMiner uses virtualisation software, either QEMU on macOS or VirtualBox on Windows, to mine cryptocurrency on a Tiny Core Linux virtual machine.

Virtualisation refers to creating a virtual version of a computer operating system on another machine. In the context of cryptocurrency mining, individuals can harness RAM or GPU of an infected machine to mine cryptocurrency, before transferring it to their own machine.

How LoudMiner is being used to mine cryptocurrency

According to ESET, LoudMiner has been in use since August 2018, and works by infecting PCs or through pirated copies of a type of audio software plugin interface called VST (Virtual Studio Technology). The compromised machine is then used to mine cryptocurrency without its owner’s knowledge.

As this is software used for audio production, this type of plugin would typically be installed on machines that have good processing power, meaning that an increase in CPU usage would often go undetected by users. However, ESET has said that using virtual machines for this purpose is not something that they “routinely see”.

Marc-Etienne M. Léveillé, senior malware researcher at ESET explains how this works:

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“LoudMiner targets audio applications, given the machines running these applications often have a higher processing power. These applications are typically complex and have a high CPU consumption, so users will not find this activity unusual.”

He also comments that this is an unusual case of cryptocurrency mining:

“Using virtual machines instead of another leaner solution is quite remarkable, and is not something we have typically seen before.”

Cryptojacking using techniques such as this can create problems for the user of the compromised machine, and can cause lasting damage to the device.

When a device has been infected, CPU uses increases, making the machine run slowly, shortening battery life and causing the machine to behave strangely. This could eventually lead to the device being unusable.

In order to prevent this, ESET warns against downloading pirated copies of commercial software and advises users to beware of signs that a computer may have been cryptojacked, such as popups from unexpected “additional” installers, higher CPU consumption, as well as new services and connections from unknown domain names.


Read more: Ransomware drop as cybercriminals find better money in cryptojacking