Share this article
Malware Uses Victims' Machines to Mine Bitcoin Until Ransom is Paid
A curious new hybrid of bitcoin-mining malware and ransomware has been discovered infecting PCs.
Updated Sep 11, 2021, 10:20 a.m. Published Feb 10, 2014, 6:28 p.m.
A new Trojan has been discovered by Emsisoft, producer of PC security software. This is no garden-variety Trojan, however, it is a curious hybrid of bitcoin-mining malware and ransomware.
Whereas most ransomware directly attacks your PC or encrypts files stored on its drives, 'Trojan-Ransom.Win32.Linkup' blocks internet access by modifying your DNS and turns your computer into a bitcoin-mining bot at the same time.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Luckily, it shouldn’t be hard to spot when your system has been infected. ‘Linkup’ blocks all internet access bar a bogus Council of Europe website, which will demand personal information and a ‘payment method’ (read ‘ransom’) to unblock your access. Needless to say the Council of Europe has absolutely nothing to do with your internet access and you should not pay anything or enter personal details to regain your service.
In addition to messing around with the DNS, Linkup can also link up to a remote server and pressgang your PC into service as a bitcoin-mining bot. This is carried out via a downloader called 'pts2.exe', which extracts a second file, named 'j.exe', onto your computer. This is, in fact, a popular piece of mining software called 'jhProtominer'.
The damage that is likely to be inflicted by the Trojan is limited. jhProtominer only works on 64-bit operating systems, but, even so, that still leaves plenty of computers around the globe to infect.
Malware losing the mining battle
says it will keep a close eye on Linkup as it evolves. Since it is an unusual mix of ransomware and bitcoin-mining malware, it is in a class of its own. Luckily the company has already come up with a way of detecting Linkup and says that the Trojan should not be too dangerous, provided it does not metamorphose into something more sophisticated.
Bitcoin-mining malware is becoming increasingly common, but developers of these malicious programs are actually fighting a losing battle. As bitcoin's hash difficulty goes up, the mining power achievable with hijacking standard PCs decreases exponentially.
Furthermore, security firms are starting to take notice of the new trend in malware, and just a few weeks ago Microsoft helped destroy the Sefnit botnet, which was also stealing bitcoin mining capacity from people’s PCs. Several other illicit bitcoin mining operations have recently gone the same way.
Malware image via Shutterstock
More For You
L1 tokens broadly underperformed in 2025 despite a backdrop of regulatory and institutional wins. Explore the key trends defining ten major blockchains below.
What to know:
2025 was defined by a stark divergence: structural progress collided with stagnant price action. Institutional milestones were reached and TVL increased across most major ecosystems, yet the majority of large-cap Layer-1 tokens finished the year with negative or flat returns.
This report analyzes the structural decoupling between network usage and token performance. We examine 10 major blockchain ecosystems, exploring protocol versus application revenues, key ecosystem narratives, mechanics driving institutional adoption, and the trends to watch as we head into 2026.
More For You
Aptos' APT drops as token tracks broader crypto market weakness
APT has support at $1.56 and resistance at $1.63, per CoinDesk technical models.
What to know:
- Aptos' APT slipped 1% to $1.56 on Wednesday.
- Trading activity fell 11% under the 30-day average amid holiday market conditions.
Top Stories
