Share this article
New Crypto Mining Malware Seen to 'Evolve,' Say Researchers
Researchers at cybersecurity firm Check Point say a relatively new form of crypto mining malware, dubbed KingMiner, is “evolving.”
Updated Sep 13, 2021, 8:38 a.m. Published Nov 30, 2018, 3:00 p.m.
Researchers at Israel-based cybersecurity firm Check Point Software Technologies say that a relatively new form of crypto mining malware, dubbed KingMiner, is “evolving.”
In a research note on Thursday, the firm's Ido Solomon and Adi Ikan said that KingMiner, a monero mining malware that first appeared about six months ago, is changing through time to avoid detection – even replacing older versions of itself that it encounters on host machines.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The researchers said:
“The malware continuously adds new features and bypass methods to avoid emulation. Mainly, it manipulates the needed files and creates a dependency which is critical during emulation.”
As a result of these tactics, the malware is also being detected by security systems at "significantly" reduced rates.
The malware usually targets Microsoft servers (predominantly IIS\SQL) and while configured to harness 75 percent of the victim machine's CPU capacity for mining, it actually uses up the full 100 percent.
To preserve its secrecy, KingMiner is also seen to use a private mining pool to avoid detection, which also has its API switched off.
"We have not yet determined which domains are used, as this is also private. However, we can see that the attack is currently widely spread, from Mexico to India, Norway and Israel," the researchers said.
The continual changes allow the malware to be more successful, they continued, predicting that such evasion techniques will continue to evolve during 2019 and become more common across crypto-mining malware variants.
Virus illustration via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Coinbase Reopens India Signups, Targets Fiat On-Ramp in 2026 After Two-Year Freeze
Coinbase halted services entirely in 2023, off-boarded millions of Indian users and shuttered local access while reassessing regulatory exposure.
What to know:
- Coinbase has resumed onboarding users in India, marking its return to the market after a two-year hiatus due to regulatory issues.
- The exchange is currently allowing crypto-to-crypto trading and plans to reintroduce fiat on-ramps next year.
- Despite regulatory challenges, Coinbase is investing in India, including increasing its stake in local exchange CoinDCX.
Top Stories
