According to WeChat public account @ 腾讯 御 见 ’s Threat Intelligence Center, recently, the Tencent Security Misee Threat Intelligence Center detected a KingMiner variant attack. KingMiner is a Monero coin mining Trojan that attacks the Windows server MS SQL. The Trojan first appeared as early as mid-June 2018, and two improved versions were quickly released later. Attackers have used a variety of evasion techniques to bypass the virtual machine environment and security detection, which caused some anti-virus engines to fail to detect it accurately. Statistics show that KingMiner affects more than 10,000 computers, with the most affected areas being Guangdong, Chongqing, Beijing, Shanghai and other places.