Fake adblocker Hijacks Computer for cryptomining

Be careful if you're trying to install a Windows ad blocker, because it could turn out to be malware.

A newly discovered Trojan combining ransomware and a cryptocurrency miner is masquerading as an ad blocker called AdShield Pro. The malware is estimated to have infected more than 7,000 machines since Feb. 1.vThe malware also impersonates as OpenDNS networking software, the NetShield ad blocker and the Malwarebytes anti-malware software. This infected software is often installed through malicious websites. The fake Malwarebytes version even targeted more than 100,000 PCs back in August 2020.

How it works?

Getting infected by this software results in the XMRig combination ransomware/coin miner being installed on your machine. Next, the malware locks up your files just before it starts tapping into your CPU to mine the Monero cryptocurrency. The malware also downloads and installs a backdoor so that criminals can remotely access and control the machine. It reroutes the PC's DNS settings so that website-address lookups are resolved by the attackers' own servers and connections to antivirus websites are blocked.

It attempts to evade detection by comparing the actual system profile to what's in the Windows license file and is capable of detecting if it's running on a virtual machine — often used by information-security researchers — and the installation process stops. To avoid that unfortunate situation, make sure you download OpenDNS and Malwarebytes only from their official websites. And, of course, you should be running credible antivirus programs, which will detect and neutralize this threat before it can be installed.