Named "WinstarNssmMiner" by 360 Total Security, this malware forces victims' PCs to perform heavy computation to mine virtual currency.
"Malware distributors have benefited greatly by mining Monero on victim computers," the security researcher said in a blog.
"According to our statistics, 360 Total Security has prevented this attack more than 500 thousand times in 3 days."
It remains unclear how victims are infected by this malware. Chances are, they're opening an infected file that's sent via email or social media.
Once the file is downloaded to the victim's PC, it scans for installed antivirus software and disables any solution that is not made by Kaspersky, Avast, or other premium cyber security providers.
If the victim uses a security solution from one of these companies, the malware stays silent and does nothing, to avoid being detected.
After that, the malware creates two system processes called "svchost.exe", embeds malicious code into both of them, and marks each as a "CriticalProcess".
One svchost then starts to mine the digital currency while the other svchost keeps an eye on the antivirus software. If the antivirus is active, both stop their activities to avoid detection.
Antivirus therefore does not detect the malware. However, the malware uses the victim's computer to mine cryptocurrency, which places a heavy load on the PC and makes it very slow.
Victims who try to use Task Manager to close one of these active Service Host processes will trigger a blue screen of death, because both processes are marked as critical.
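
The behaviour described above (extra "svchost.exe" processes created by the malware, one of them under heavy CPU load) can be triaged from a process listing without touching the processes themselves. The following is an added example, not code from 360 Total Security or the original article: the record fields, the CPU threshold, the `sample.exe` parent and the snapshot data are constructed, and the two baseline checks (parent is `services.exe`, command line carries `-k`) are general Windows service-host behaviour assumed here rather than details given in the article.

```python
# Added example: flag svchost.exe entries in a process snapshot that do not
# match the normal Windows service-host baseline. Field names are assumptions.
from ntpath import basename

CPU_ALERT = 50.0  # percent; assumed threshold for "heavy load"

SNAPSHOT = [  # constructed sample data, not taken from a real host
    {"pid": 620, "ppid": 500, "image": r"C:\Windows\System32\services.exe", "cmdline": "services.exe", "cpu": 0.3},
    {"pid": 904, "ppid": 620, "image": r"C:\Windows\System32\svchost.exe", "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p", "cpu": 1.2},
    {"pid": 4312, "ppid": 4100, "image": r"C:\Users\victim\AppData\Local\Temp\sample.exe", "cmdline": "sample.exe", "cpu": 0.1},
    {"pid": 4388, "ppid": 4312, "image": r"C:\Windows\System32\svchost.exe", "cmdline": r"C:\Windows\System32\svchost.exe", "cpu": 92.0},
    {"pid": 4392, "ppid": 4312, "image": r"C:\Windows\System32\svchost.exe", "cmdline": r"C:\Windows\System32\svchost.exe", "cpu": 0.4},
]

def triage_svchost(processes):
    """Return {pid: [reasons]} for svchost.exe entries that look out of place."""
    by_pid = {p["pid"]: p for p in processes}
    findings = {}
    for p in processes:
        if basename(p["image"]).lower() != "svchost.exe":
            continue
        reasons = []
        parent = by_pid.get(p["ppid"])
        parent_name = basename(parent["image"]).lower() if parent else "<exited>"
        # Genuine service hosts are started by the Service Control Manager.
        if parent_name != "services.exe":
            reasons.append(f"parent is {parent_name}, not services.exe")
        # Genuine service hosts are launched with a "-k <group>" argument.
        if "-k" not in p["cmdline"].lower().split():
            reasons.append("no -k service group on command line")
        # High CPU alone is normal for some services; report it only as context.
        if reasons and p["cpu"] >= CPU_ALERT:
            reasons.append(f"cpu at {p['cpu']:.0f}% (possible mining load)")
        if reasons:
            findings[p["pid"]] = reasons
    return findings

if __name__ == "__main__":
    for pid, reasons in triage_svchost(SNAPSHOT).items():
        print(pid, "; ".join(reasons))
```

The script only reports; since the article notes that closing these processes from Task Manager causes a blue screen, flagged hosts are better isolated and cleaned offline than terminated in place.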