My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to the news list

New Trojan.Mods mines bitcoins

December 24, 2013

Russian anti-virus company Doctor Web is warning users about a new Trojan.Mods modification that has been dubbed Trojan.Mods.10. This Trojan's authors followed the major trend of December 2013 and added a bitcoin miner to the set of Trojan.Mods.10’s features.

You may recall that Trojan.Mods programs were found in large numbers in the wild in spring 2013 and were primarily designed to intercept browsers' DNS queries and redirect users to malignant sites. As a result, instead of the requested sites, users end up on fraudulent pages whose URLs in the browser address bar appear to be official, so victims may not immediately recognize the fraud.


Previous versions of Trojan.Mods injected malicious code into processes of Microsoft Internet Explorer, Mozilla Firefox, Opera, Safari, Google Chrome, Chromium, Mail.Ru Internet, Yandeks.Browser, and Rambler Nichrome, while the Trojan.Mods injects its code into explorer.exe, which then searches for running browser processes and also attempts to inject malignant code into them. Previously, this code was implemented as a separate dynamic library.

Furthermore, Trojan.Mods.10 contains a module designed to mine bitcoins, which coincides with the recent major trend—it is the third mining Trojan discovered by Doctor Web in December 2013.

The signatures of the threats described above have been added to the Dr.Web virus database and therefore the Trojans pose no danger to computers protected with Dr.Web anti-virus software.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments