The Tencent Security Threat Intelligence Center detected the "Quick Go Miner" update. This gang used MSSQL weak password blasting to spread the update. The latest variant of "Quick Go Miner" disguised the mining program as the system process WinInit.exe. So far, it has obtained 47 Monero coins with a market value of more than 20,000 yuan. At the same time, the gh0st remote control Trojan implanted by the virus on the compromised machine has various functions such as collecting information, uploading and downloading files, keyloggers, and executing arbitrary programs. The compromised computer also faces the risk of leaking confidential information.