WinstarNssmMiner – Anti destruction
is different. Based on a conventional XMR mining rig, it differs significantly when placed up against antivirus programmes. ‘Winstar’ is capable of shutting down the entire system to prevent a confrontation with the program.
By avoiding confrontation, the computer is forced to crash, leaving the user with a blue screen. Meanwhile, ‘WinstartNssmMiner’ can then proceed to use the processing power of the computer to mine cryptocurrency with the user powerless to prevent it.
If a user ever detects the hidden mining operations and tries to shut down the svchost.exe process associated with XMRig, the malware crashes the user’s PC, which would then require a restart.
The crash occurs because the malware sets the property of the svchost.exe process to a setting of “CriticalProcess,” hence Windows shuts down the PC when the malicious process is terminated.