The Monero Miner cryptocurrency ransominer has infected more than 20,000 users in less than two months, researchers at Kaspersky warned. The malware, disguised as an application called AdShield Pro, looks and acts like Windows version of the legitimate AdShield mobile ad blocker, in addition to impersonating the OpenDNS service. The miner can be removed by reinstalling the legitimate file that it masquerades as, researchers said. The attacks appear to be part of an earlier campaign first detected by Avast in August.
Source: https://threatpost.com/fake-ad-blocker-cryptominer-ransomware/164669/