Plurox is a modular backdoor malware strain capable of mining cryptocurrencies and of spreading to other computers on the local network via SMB and UPnP plug-ins. The backdoor uses TCP protocol to communicate with the C&C server. Plug-ins are loaded and directly interfaced via two different ports, creating Plurox as it deploys miners on the targets’ computers and distributes other plug-ins for lateral movement on local networks.

Reporting and Technical Details

  • Bleeping Computer provides technical analysis of the Plurox malware here.