Trojan:Win32/Skrumpwey.A is a trojan that generates new digital coins in the Bitcoin decentralized economy. It makes use of a program known as Program:Win32/CoinMiner to generate Bitcoins and send them to a remote account. Trojan:Win32/Skrumpwey.A installs Program:Win32/CoinMiner silently, without a user's consent.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
Installation
Trojan:Win32/Skrumpwey.A usually arrives as a WinRAR self-extracting file. When run, it drops the following file, which is also detected as either Trojan:Win32/Skrumpwey.A or Trojan:Win32/Skrumpwey.B:
%UserProfile%\Start Menu\Programs\StartUp\xd.exe
This file is another self-extracting archive that drops the following files:
%TEMP%\vx.bat - batch file that automatically runs the CoinMiner program; detected as Trojan:BAT/MineBicoin.M
%TEMP%\hid.exe - clean file used to run programs without displaying a console, so you don't see it running on your screen
%TEMP%\hehe.exe - detected as Program:Win32/CoinMiner
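A triage check for the drop chain listed above, as an added example (it is not part of the original write-up or of any Microsoft tool). The verdict labels, the thresholds, and the rule that hid.exe alone does not count are assumptions of this example; because these file names are generic, a match is a lead for a full scan, not a confirmation.

```python
import os
from pathlib import Path

# Artifacts named in the write-up, relative to %UserProfile% and %TEMP%.
STARTUP_DROPPER = Path("Start Menu", "Programs", "StartUp", "xd.exe")
TEMP_ARTIFACTS = {
    "vx.bat": "batch file that launches the miner",
    "hid.exe": "clean helper that hides the console window",
    "hehe.exe": "coin miner payload",
}
# Assumption of this example: hid.exe is a clean file, so finding it alone
# is not treated as evidence of infection.
WEAK = {"hid.exe"}


def triage(user_profile, temp_dir):
    """Return (verdict, findings); findings are (name, path, role) tuples."""
    findings = []
    dropper = Path(user_profile) / STARTUP_DROPPER
    if dropper.is_file():
        findings.append((dropper.name, str(dropper), "self-extractor in Startup"))
    for name, role in TEMP_ARTIFACTS.items():
        path = Path(temp_dir) / name
        if path.is_file():
            findings.append((name, str(path), role))

    strong = {name for name, _, _ in findings} - WEAK
    # Verdict thresholds are assumptions: the names are generic, so one match
    # is a lead and two or more matches reproduce the documented drop chain.
    if len(strong) >= 2:
        verdict = "likely"
    elif strong:
        verdict = "investigate"
    else:
        verdict = "no_match"
    return verdict, findings


if __name__ == "__main__":
    # Live use on Windows: check the current user's profile and temp folder.
    verdict, findings = triage(os.environ.get("USERPROFILE", ""),
                               os.environ.get("TEMP", ""))
    print("verdict:", verdict)
    for name, path, role in findings:
        print(f"  {path}  ({role})")
```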
The following system changes may indicate the presence of this malware:
Generating (also known as mining) Bitcoins uses a lot of your computer's resources because the algorithm is mathematically complex. You may notice that your computer is running slowly.