App:NiceHashMiner
Aliases: No associated aliases
Summary
Microsoft Defender Antivirus detects and removes this potentially unwanted application (PUA).
PUA is a category of software that can cause your device to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted.
This potentially unwanted application falls under the Cryptomining software category in Microsoft's objective criteria. Cryptomining software uses your device resources to mine cryptocurrencies.
Guidance for end users
- Read about what potentially unwanted applications are so you are aware of what they can do and how you can avoid them.
- Use Microsoft Edge—available on macOS and various platforms—and other web browsers that support SmartScreen. Microsoft Edge identifies and blocks malicious websites, including phishing sites, scam sites, and sites that have exploits and host malware. Microsoft Edge also blocks malicious software and PUA.
- Submit unknown or suspicious software for analysis. This will help ensure that unknown or suspicious software is scanned by our system to start establishing reputation. Learn more about submitting files for analysis.
Guidance for enterprise administrators
- Turn on PUA protection to detect and proactively block potentially unwanted applications (PUA). Use Threat & Vulnerability Management to check for and address the security recommendation to Turn on PUA protection in block mode.
- Harden internet-facing assets and ensure they have the latest security updates.
- Educate end users about downloading applications only from the Windows Store or from other trusted and reputable sources. They should exercise caution even when downloading popular software, such as FileZilla, Cheat Engine, and DivX. These applications can be bundled with other less reputable software.
- Turn on attack surface reduction rules and enable rules that block untrusted executable files. To assess the impact of these rules, deploy them in audit mode.
- Enable antivirus protection on web servers. Turn on cloud-delivered protection to get the latest defenses against new and emerging threats. Users should only be able to upload files to directories that can be scanned by antivirus and that are configured to not allow server-side scripting or execution.
- Utilize the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities.
- Check your perimeter firewall and proxy to restrict unnecessary access to services, including access to services through non-standard ports.
- Monitor for brute-force attempts. Check for excessive failed authentication attempts (Windows security event ID 4625).
- Use an application control solution to prevent the use of unauthorized apps and services.
- Encourage users to use Microsoft Edge—available on macOS and various platforms—and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that have exploits and host malware. Microsoft Edge also blocks malicious software and PUA.
- Turn off or uninstall unfamiliar browser extensions. Revert browser search engine and home page settings to your preferred settings.
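
The PUA protection, cloud-delivered protection and attack surface reduction items in the enterprise guidance can be checked per endpoint with a read-only script. The following is an added example, not code from this page or from Microsoft; the function name `Test-PuaPosture` and the sample object are hypothetical, and the rule GUID is the documented ID of the ASR rule that blocks executables failing a prevalence, age, or trusted-list criterion.

```powershell
# Added example (not Microsoft's code): read-only check of the Defender settings
# named in the guidance above. Value mappings as reported by Get-MpPreference:
#   PUAProtection: 0 = off, 1 = block, 2 = audit;  MAPSReporting: 0 = off
#   ASR rule action: 0 = off, 1 = block, 2 = audit, 6 = warn
# ASR rule: block executable files unless they meet a prevalence, age, or trusted-list criterion
$AsrUntrustedExe = '01443614-cd74-433a-b99e-2ecdc07bfc25'

function Test-PuaPosture {
    param([Parameter(Mandatory)] $Preference)
    $findings = @()

    switch ([int]$Preference.PUAProtection) {
        1       { }
        2       { $findings += 'PUA protection is in audit mode: detections are logged, not blocked.' }
        default { $findings += 'PUA protection is off.' }
    }
    if ([int]$Preference.MAPSReporting -eq 0) {
        $findings += 'Cloud-delivered protection is off.'
    }

    # Rule IDs and actions are parallel arrays; pair them by index.
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    $action  = 0
    for ($i = 0; $i -lt $ids.Count -and $i -lt $actions.Count; $i++) {
        if ($ids[$i] -eq $AsrUntrustedExe) { $action = [int]$actions[$i] }
    }
    switch ($action) {
        1       { }
        2       { $findings += 'Untrusted-executable ASR rule is in audit mode: review events, then move to block.' }
        6       { $findings += 'Untrusted-executable ASR rule is in warn mode: users can bypass it.' }
        default { $findings += 'Untrusted-executable ASR rule is not enabled.' }
    }
    if ($findings.Count -eq 0) { 'OK: PUA block mode, cloud protection and the ASR rule are on.' }
    else { $findings }
}

# Constructed sample standing in for Get-MpPreference output.
$sample = [pscustomobject]@{
    PUAProtection = 2; MAPSReporting = 2
    AttackSurfaceReductionRules_Ids     = @($AsrUntrustedExe)
    AttackSurfaceReductionRules_Actions = @(0)
}
Test-PuaPosture -Preference $sample

# On a real endpoint:  Test-PuaPosture -Preference (Get-MpPreference)
# Remediation, from an elevated session:
#   Set-MpPreference -PUAProtection Enabled
#   Add-MpPreference -AttackSurfaceReductionRules_Ids $AsrUntrustedExe -AttackSurfaceReductionRules_Actions AuditMode
```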