Malwarebytes helps identify, stop and remove malware crypto miners!
In my social circle, the kids' gaming PCs getting infected is very common.
Recently one of my boxes got hacked via a qBittorrent exploit, and I didn't have malware detection running, other than the built-in W11 system.
I installed Malwarebytes and it detected and correctly removed the malware crypto miner.
FYI they exploited QBT via the web interface, which had default settings, but wasn't exposed via port forwarding to the web. It might have been via UPnP, which was enabled. No idea - but it's a common exploit used to DL a torrent then run a post-DL script .bat file to DL and run a crypto miner.
I'd literally had QBT running on Windows for a couple of weeks, having switched from a dockerized setup on a Mac Mini. How Windows allows the running of a .bat file to DL an .exe that can run a crypto miner is just a bonkers lack of security!
Naturally I had to nuke the box from space anyway :-)
> In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
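
Added example, not part of the original post or of qBittorrent itself: a small Python audit that reads a `qBittorrent.ini` and flags the settings the post names (Web UI on defaults, UPnP enabled, a program run after download). The section and key names, the finding IDs and the sample file are assumptions and constructed values; compare them with the config file of your installed version.

```python
import configparser

# Constructed sample; section and key names are assumptions, check your own qBittorrent.ini.
RISKY_INI = r"""
[AutoRun]
enabled=true
program=C:\placeholder\example.bat "%N"

[Preferences]
WebUI\Enabled=true
WebUI\UseUPnP=true
WebUI\LocalHostAuth=false
WebUI\Username=admin
"""

def audit(ini_text):
    """Return (finding_id, detail) tuples for risky settings in a qBittorrent.ini."""
    # interpolation=None: values such as "%N" must not be treated as references.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep the case of keys such as WebUI\Enabled
    cp.read_string(ini_text)

    def get(section, key):
        return cp.get(section, key, fallback="").strip()

    def enabled(section, key):
        return get(section, key).lower() == "true"

    findings = []
    if enabled("Preferences", r"WebUI\Enabled"):
        if enabled("Preferences", r"WebUI\UseUPnP"):
            findings.append(("webui-upnp", "Web UI port may be mapped on the router via UPnP"))
        if get("Preferences", r"WebUI\LocalHostAuth").lower() == "false":
            findings.append(("webui-localhost-no-auth", "local clients skip the login"))
        if get("Preferences", r"WebUI\Username") in ("", "admin"):
            findings.append(("webui-default-username", "username left at its default"))
        if not get("Preferences", r"WebUI\Password_PBKDF2"):
            findings.append(("webui-no-password-hash", "no custom password stored"))
    # A post-download program is a legitimate feature, so report it for review.
    if enabled("AutoRun", "enabled") and get("AutoRun", "program"):
        findings.append(("autorun-program", get("AutoRun", "program")))
    return findings

if __name__ == "__main__":
    for finding_id, detail in audit(RISKY_INI):
        print(f"{finding_id}: {detail}")
```

An `autorun-program` finding you did not configure yourself is the one to treat as a sign of compromise rather than as a hardening gap.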