Author Topic: Eve Online Win32:Malware-gen  (Read 1499 times)


Offline ddabrahim

  • Jr. Member
  • Posts: 66
Eve Online Win32:Malware-gen
« on: July 19, 2021, 07:27:10 PM »
Hi.

During a deep scan Avast did find a malicious file in a cache folder of an MMO game I have installed called EVE Online.
I have uploaded it to VirusTotal, and a lot of well-known AV engines detect it as a trojan, but when I have a look at the details and behaviours it seems to be making calls to Windows libraries. I am on a Mac and the game is running on macOS using WINE. So basically I am running the Windows version of the game on macOS.

I did some searching, and it seems to be common with EVE Online that some AV engines detect it as malware.
So in case there are some experts here, could anyone please tell me:

1. What exactly is this file trying to do that triggers the detection?
2. Is this a real threat? If yes, could this be a threat on macOS, or is it a threat to Windows users only?

Here is the link to virus total for more information:
https://www.virustotal.com/gui/file/a2931c1c11a1eafa36edc875baec73fb6248cd49db54f90679b953355e194390/detection

Thanks.
« Last Edit: July 19, 2021, 08:24:40 PM by ddabrahim »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33902
  • malware fighter
Re: Eve Online Win32:Malware-gen
« Reply #1 on: July 19, 2021, 10:00:13 PM »
Seems that the VT report is quite convincing, with 27 vendors flagging that specific generic encrypted compiled executable.
See on behavior there: https://www.virustotal.com/gui/file/a2931c1c11a1eafa36edc875baec73fb6248cd49db54f90679b953355e194390/behavior

Conhost.exe is the Monero Mining virus.
Name: conhost.exe Virus
Type: CryptoCurrency Miner
Short Description: Aims to infect your computer and use its CPU, GPU and other resources to turn it into a miner for cryptocurrencies.
Symptoms: Heightened CPU and GPU usage and overheating. The victim PC may break if this virus mines for longer periods of time.
Distribution Method: Spam Emails, Email Attachments, Executable files

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
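Before trusting either the generic "Win32:Malware-gen" label or a conhost.exe write-up, a practitioner would triage the flagged file offline: hash it and compare against the SHA-256 in the VirusTotal link above, confirm it is a Windows PE (macOS cannot execute a PE directly, but WINE can, so a PE in the game cache is not inert just because the host is a Mac), and read the DLL names out of its import table, which is the static counterpart of the "calls to Windows libraries" the original poster saw in the VT details. This is an added example, not code from the thread or from Avast; the PE it parses is constructed inside build_sample_pe(), so the two DLL names and the hash mismatch are illustrative, and the real file would need to be passed in on the command line.

```python
"""Offline triage of an AV-flagged file: SHA-256, executable format, and the
DLLs named in a PE import table. The sample PE is constructed, not real."""
import hashlib
import struct

# SHA-256 taken from the VirusTotal URL in the original post.
THREAD_SHA256 = "a2931c1c11a1eafa36edc875baec73fb6248cd49db54f90679b953355e194390"

MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}
SUBSYSTEMS = {2: "gui", 3: "console"}
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def parse_pe(data):
    """Return format/machine/subsystem/imports for a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:            # PE32: data directories start at +96
        fmt, dd_off = "PE32", opt_off + 96
    elif magic == 0x20B:          # PE32+: 64-bit fields push them to +112
        fmt, dd_off = "PE32+", opt_off + 112
    else:
        return None
    subsystem = struct.unpack_from("<H", data, opt_off + 68)[0]
    ndirs = struct.unpack_from("<I", data, dd_off - 4)[0]
    sections = []                 # (VirtualAddress, size, PointerToRawData)
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from(
            "<IIII", data, opt_off + opt_size + i * 40 + 8)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva_to_off(rva):
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rawptr + (rva - va)
        raise ValueError("RVA 0x%x is not mapped by any section" % rva)

    imports = []
    if ndirs > 1:
        imp_rva = struct.unpack_from("<II", data, dd_off + 8)[0]  # directory 1
        if imp_rva:
            off = rva_to_off(imp_rva)
            while True:           # IMAGE_IMPORT_DESCRIPTOR array, null-terminated
                entry = struct.unpack_from("<IIIII", data, off)
                if not any(entry):
                    break
                imports.append(_cstring(data, rva_to_off(entry[3])))
                off += 20
    return {"format": fmt, "machine": MACHINES.get(machine, hex(machine)),
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
            "imports": imports}


def triage(data, vt_sha256=None):
    """Hash the blob, classify it, and say whether it is the VT sample."""
    sha = hashlib.sha256(data).hexdigest()
    info = parse_pe(data)
    if info is None:
        magic = data[:4]
        fmt = "Mach-O" if magic in MACHO_MAGICS else "ELF" if magic == b"\x7fELF" else "unknown"
        info = {"format": fmt}
    info["sha256"] = sha
    info["matches_vt"] = vt_sha256 is not None and sha == vt_sha256.lower()
    return info


def build_sample_pe():
    """Constructed 32-bit console PE: headers plus an .idata section naming
    two DLLs, no code. Just enough structure for parse_pe() to walk."""
    file_align, sec_va, sec_raw = 0x200, 0x1000, 0x200
    dlls = [b"kernel32.dll", b"ws2_32.dll"]
    descriptors, names, cur = b"", b"", sec_va + 20 * (len(dlls) + 1)
    for d in dlls:
        descriptors += struct.pack("<IIIII", 0, 0, 0, cur, 0)  # Name RVA only
        names += d + b"\0"
        cur += len(d) + 1
    descriptors += b"\0" * 20
    idata = descriptors + names
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 14, 0, 0, len(idata), 0, 0x1000, 0x1000, 0x1000,
                      0x400000, 0x1000, file_align, 6, 0, 0, 0, 6, 0,
                      0, 0x2000, sec_raw, 0, 3, 0x8140,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[1] = (sec_va, len(descriptors))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    section = b".idata\0\0" + struct.pack("<IIIIIIHHI", len(idata), sec_va,
                                          file_align, sec_raw, 0, 0, 0, 0, 0xC0000040)
    headers = dos + b"PE\0\0" + coff + opt + section
    headers += b"\0" * (sec_raw - len(headers))
    return headers + idata + b"\0" * (file_align - len(idata))


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob, THREAD_SHA256), indent=2))
```

Run it with the path to the cached file as the only argument; with no argument it triages the constructed sample. A "PE32"/"PE32+" result with a matching hash tells you the flagged object really is the VT sample and really is a Windows binary; the import list is static and will miss APIs resolved at runtime by a packed or encrypted executable, which is why the VT behaviour tab is still worth reading alongside it.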

Offline ddabrahim

  • Jr. Member
  • Posts: 66
Re: Eve Online Win32:Malware-gen
« Reply #2 on: July 19, 2021, 11:27:17 PM »
Quote
Conhost.exe is the Monero Mining virus.


Thank you. Wondering how I got it. Avast Deep Scan did not discover anything else, and EVE Online is the only Windows application I have installed on my Mac. I don't usually download/install from unknown sources. The only fishy application I have installed is FileZilla; I was told that the Windows installer usually includes bloatware and even crypto miners and was not recommended to install, but in the Mac installer I did not notice anything. Could this miner be coming from FileZilla?

I keep the installer of everything I have installed, so in case anyone would like to have look this is it:

FileZilla
https://gofile.io/d/86KZmM
VT: https://www.virustotal.com/gui/file/97639aa32cf215ba8a06861a5b20e442b3989e2d2751220cbe824f75e56a2a94/detection

EVE Online:
https://gofile.io/d/JPn8wG
VT: https://www.virustotal.com/gui/file/517c9f830e9939e4c3c908b5bb820492f575e7c2ed388fcf303decce45ae1313/detection

I did not experience high CPU and GPU usage. I don't think it was able to run, but I am wondering how I got a Windows miner on a Mac. I would think everything in the cache folder is downloaded from the EVE Online servers, so maybe it is more likely their servers were infected at some point.