Makerere University


MALWARE ALERT: New Virus Decides If Your Computer Is Good for Mining or Ransomware


Dear Staff and Students

A good afternoon to you all.

As we continue to use the internet to do research, teach and learn about various things, we need to be very cautious and empowered with information about what's happening online.

Security researchers have discovered malware that infects systems with either a cryptocurrency miner or ransomware. It checks the infected computer to decide which of the two is more profitable for the attackers.

To remind yourself about Ransomware, please click this link
Someone might ask, WHAT IS CRYPTOCURRENCY? It is a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank.

In Uganda, a conference on Blockchain technology took place recently, and there are still many divergent views. However, this doesn't take away the fact that there are some people already embracing this form of technology. An article about cryptocurrency was written on this site, click this link for more

The study by the security researchers reveals that both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year.

Without guarantees for a payback from ransomware, cybercriminals have shifted more towards fraudulent cryptocurrency mining as a method of extracting money using a victim's computer.

There is a new variant of the Rakhni ransomware family (discovered by the Russian security firm Kaspersky Labs), which has now been upgraded to include cryptocurrency mining capability as well.

This malware is being spread using spear-phishing emails (the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information) with an MS Word file as the attachment which, if opened, prompts the victim to save the document and enable editing.

The document includes a PDF icon, which if clicked, launches a malicious executable on the victim's computer and immediately displays a fake error message box upon execution, tricking victims into thinking that a system file required to open the document is missing.

How Malware Decides What To Do

However, in the background, the malware then performs many anti-VM and anti-sandbox checks to decide if it could infect the system without being caught. If all conditions are met, the malware then performs more checks to decide the final infection payload, i.e., ransomware or miner.

In the background, it can choose to:

1. Install ransomware - if the target system has a 'Bitcoin' folder in the AppData section.
2. Install a cryptocurrency miner - if the 'Bitcoin' folder doesn't exist and the machine has more than two logical processors.
3. Activate its worm component - if there's no 'Bitcoin' folder and just one logical processor.
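For LAN administrators, the three rules above can be applied to a machine inventory to see which machines fall under which outcome and to prioritise backups for those holding a 'Bitcoin' folder. This is an added example, not code from the researchers or the original alert; the function names, the sample inventory and the reading of "AppData section" as the %APPDATA% directory are assumptions.

```python
import os
from pathlib import Path


def predicted_branch(has_bitcoin_folder: bool, logical_cpus: int) -> str:
    """Map two host properties to the outcome listed in the alert."""
    if has_bitcoin_folder:
        return "ransomware"
    if logical_cpus > 2:
        return "miner"
    if logical_cpus == 1:
        return "worm"
    # No 'Bitcoin' folder and exactly two logical processors:
    # the list in the alert does not say what happens, so report that.
    return "unspecified"


def local_host_facts(appdata=None):
    """Collect the two properties on this machine.

    Assumption: 'AppData section' means the directory in %APPDATA%.
    """
    root = appdata or os.environ.get("APPDATA")
    has_folder = bool(root) and (Path(root) / "Bitcoin").is_dir()
    return has_folder, os.cpu_count() or 1


def triage(inventory):
    """Group inventory records by predicted outcome."""
    groups = {}
    for rec in inventory:
        branch = predicted_branch(rec["bitcoin_folder"], rec["logical_cpus"])
        groups.setdefault(branch, []).append(rec["host"])
    return groups


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    {"host": "lab-pc-01", "bitcoin_folder": False, "logical_cpus": 8},
    {"host": "finance-07", "bitcoin_folder": True, "logical_cpus": 4},
    {"host": "kiosk-02", "bitcoin_folder": False, "logical_cpus": 1},
    {"host": "old-laptop", "bitcoin_folder": False, "logical_cpus": 2},
]

if __name__ == "__main__":
    for branch, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{branch:12} {', '.join(hosts)}")
    print("this machine:", predicted_branch(*local_host_facts()))
```

Machines reported as "ransomware" are the ones whose documents and wallet files most need a current offline or cloud backup.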

We know that cryptocurrency technology is picking up in Uganda and some of you might already be using it. This email is to let you know what is happening and to help you prepare yourself with information.

We encourage staff and students to observe the following:

1. Do not click or download email attachments you don't understand; always verify the source.
2. Do not visit sites that aren't secure; a secure site normally starts with https:// e.g
3. Frequently back up your documents; you can use the cloud (Google Drive, OneDrive, Dropbox).
4. Make sure your computer has an antivirus and it is updated.
5. If you aren't sure about something, involve your LAN administrator or send us mail using or you can log a ticket using

For more on best practices, click this link

In other news

The smartphone you are handling can do a lot of spying on you, even reading Gmail (the apps we download and give permission to use our accounts are doing a lot of spying). Visit this link for more. To verify which apps are using your Gmail, visit this link