Back in February 2019, the security research team at Kaspersky spotted a new strain of malware called Plurox after a series of internal tests. Please read on to learn more about the new Plurox malware, how it can wreak havoc, and how to get rid of malware on your computer.
What Is the New Plurox Malware?
Plurox is a backdoor malware capable of spreading itself laterally to other systems on a network and of mining cryptocurrency through one of its eight mining plugins.
At this time, neither the channel Plurox uses to contact its command-and-control (C&C) server nor its code is encrypted. The initial test results show that the malware can spread itself with the help of its UPnP and SMB plugins. It is also clear that Plurox has a modular structure supporting its many features, which together let it act as a backdoor into the local network.
This self-spreading malware communicates with its server over TCP. It loads and connects its plugins (downloaded files) through two different ports, both hard-coded into its body.
What Is the Motive Behind Plurox?
What is worrying about Plurox is that it can work as a self-spreading virus, a backdoor trojan, and even more dangerous, a crypto-miner. Kaspersky found out that the malware has eight plugins dedicated to cryptocurrency mining, one SMB plugin, and a UPnP plugin, the sneakiest one.
The Kaspersky team further unearthed that the new malware uses two subnets during the attacks. In one subnet, Plurox bots deploy only mining modules, while in the second subnet, all the plugins are available for lateral movement across enterprise networks.
The purpose of these two different communication avenues is still unknown, but the one feature that is active in both subnets is cryptocurrency mining. So, we can safely conclude that Plurox operates primarily as a cryptocurrency miner. Such programs use computer resources like the GPU and CPU to solve mathematical puzzles.
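As an added example (not from the article or from Kaspersky's research), the following Python script shows how a defender might turn the two behaviours described above, a TCP session to one external address on two fixed ports and SMB-based lateral spread, into a simple detection over network flow records. The C&C port numbers, the internal address range and the flow records are constructed placeholders, since the article does not give the real ports.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range
# Placeholder pair; the article does not give Plurox's real hard-coded ports.
C2_PORTS = {40001, 40002}
SMB_PORT = 445
SMB_FANOUT_THRESHOLD = 5  # distinct internal SMB peers before flagging

# Constructed flow records, one "src dst dport" per line (not real telemetry).
SAMPLE_FLOWS = """
10.0.0.7 203.0.113.9 40001
10.0.0.7 203.0.113.9 40002
10.0.0.7 10.0.0.21 445
10.0.0.7 10.0.0.22 445
10.0.0.7 10.0.0.23 445
10.0.0.7 10.0.0.24 445
10.0.0.7 10.0.0.25 445
10.0.0.12 10.0.0.5 445
10.0.0.12 203.0.113.9 40001
10.0.0.30 198.51.100.4 443
malformed record
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def parse_flows(text):
    """Yield (src, dst, dport) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])

def find_suspects(text):
    """Return {src_host: [reasons]} for hosts matching either behaviour."""
    c2_ports = defaultdict(set)   # (src, external dst) -> C&C ports seen
    smb_peers = defaultdict(set)  # src -> internal hosts contacted on 445
    for src, dst, dport in parse_flows(text):
        if is_internal(src) and not is_internal(dst) and dport in C2_PORTS:
            c2_ports[(src, dst)].add(dport)
        elif is_internal(src) and is_internal(dst) and dport == SMB_PORT:
            smb_peers[src].add(dst)
    reasons = defaultdict(list)
    for (src, dst), ports in c2_ports.items():
        if ports == C2_PORTS:  # both hard-coded ports used to the same host
            reasons[src].append(f"both C&C ports used to {dst}")
    for src, peers in smb_peers.items():
        if len(peers) >= SMB_FANOUT_THRESHOLD:
            reasons[src].append(f"SMB fan-out to {len(peers)} internal hosts")
    return dict(reasons)
```

A host that trips only one of the two rules (like 10.0.0.12 in the sample) is not flagged, so in practice the thresholds should be tuned to the environment's normal SMB traffic.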
What Can Malware Do to Your Computer?
It may seem like a no-brainer, but most people underestimate the danger of malware. True, nobody wants a malware infection on their computer. But have you ever stopped to think about what malware can actually do to it?
If you haven’t, know that malware can infect your computer in different ways and can have devastating effects. Spyware, for example, monitors your online activities on an infected computer, while a worm-type virus such as Plurox replicates itself by exploiting a vulnerability in a network.
The first step in fighting a malware infection is to realize that you have a problem. When malware enters your system, you may get a threatening error message, but sometimes you don’t. So, you need to pay attention to other red flags. In other words, you should know the symptoms of a malware infection.
The most obvious evidence of a malware infection is slow performance and an unstable system. Your computer may crash and reboot spontaneously for no apparent reason. But that’s not all. The worst damage is often the kind you don’t see. Therefore, it is important to know not only how to remove malware from your computer, but also how to prevent malware from getting in.
How to Remove Malware from Your Computer?
If you suspect that malware, such as Plurox, has got into your system, move fast to eliminate it before it causes more damage. There are a few steps you should take to get rid of malware on your computer:
1. Scan Your System
First, if you are not sure whether malware is present on your system, install a legitimate anti-malware program like Outbyte Anti-Malware. This program is designed to search for and remove any malware on your computer. It will run a full scan of your device, detect and delete tracking cookies, stop threats, and clean up malicious objects on your computer.
If your computer is displaying some symptoms, such as throwing a message with a threatening ransomware alert or a specific error code, the next step is to take the necessary measures and remove the malware immediately.
2. Disconnect from the Internet
Based on what the anti-malware scan tells you, consider getting off the Internet. Turn off the Wi-Fi, pull the Ethernet cable from the PC, and unplug the router if necessary. A remote access trojan may be aboard your device, meaning someone could be remotely controlling your computer.
3. Revert to a Previous Working Point
Having a System Restore point may come in handy when a malware infection can’t be fixed. So, if you have System Restore points set on your device, use one to roll your system back. Sometimes, it does the trick. Resetting your browsers to their default settings may also help.
4. Reboot Windows
If the above tricks didn’t work, restart Windows in a way that prevents the malware from starting again. The best way to minimize risk is to boot your PC into Safe Mode. While in Safe Mode, try running your anti-malware program. Also, delete all temporary files and other suspicious files, which could be hiding the malware.
How to Protect Your Device from Malicious Software?
The best way to remain protected from malware is to stay vigilant. Here is how to do it:
Keep an eye on domain names with odd endings. Refrain from clicking on unfamiliar pop-up ads or opening unsolicited email attachments while browsing.
Popular avenues that attackers use to spread malicious software are peer-to-peer file transfer networks and freeware. So, you should be cautious when installing freeware. Also, avoid downloading applications from untrustworthy sites.
Perhaps the most important thing to do is to ensure your browsers, operating system, and plugins are up to date. Keeping your software updated will keep most cybercriminals at bay. Security firms and software developers, in general, are usually quick to patch up their tools, which is why you need to stay updated.
It should be drilled into you by now: you need to have active antivirus software on your computer. Such programs keep tabs on your device through real-time monitoring, scans, and even heuristic analysis of processes and files to identify new threats.
Activate your VPN when using public Wi-Fi. This way, malicious users on the same network cannot steal your data and identity.
According to Kaspersky, Plurox is a potentially dangerous virus. It has advanced features that can use backdoor tricks to wreak havoc on your network. It is, therefore, crucial to eliminate it as soon as it gets into your system. It will help a lot if you know how to get rid of malware. Hopefully, this guide will help you stay safe and remove malicious programs on your computer.
What have you done to protect your computer from the new Plurox malware? Share your thoughts below.