Since mid-February 2025, attackers have been actively using fake online libraries to spread the hidden miner SilentCryptoMiner.
Resources mimicking the design of a well-known pirate library occupy top positions in search engines, attracting users with the promise of free access to books. According to Kaspersky GReAT experts, more than a thousand Russians have already fallen victim to the attacks, but the real scale may be significantly higher.
Infected sites host a malicious script that intercepts passwords during authorization and replaces download links. Instead of text files, users download an archive of 60–100 MB. Inside is an executable file, running which installs the miner. The program secretly uses the computing power of the PC to mine cryptocurrency, slowing down the operation of devices and increasing the wear of components.
Experts note that the miner is activated with a certain probability, which helps it avoid detection by antiviruses. Trust in the first search results makes such attacks particularly effective.
Experts advise avoiding downloading files from unverified resources and carefully checking the domain names of sites. Suspicious archives should be analyzed through online scanners, and two-factor authentication should be used for critical data.
Read more on the topic:
Fraudsters force YouTube bloggers to distribute hidden miners in Russia
