Research Warns ‘Familiar’ Monero Mining Malware Is Infecting Windows Systems

Published at: Feb. 21, 2019

A new hacking tool is propagating throughout the online community in an attempt to install cryptocurrency mining malware, researchers at security intelligence firm Trend Micro confirmed in a blog post on Feb. 20.

Detected at the end of January, the tool is a combination of extant threats which previously targeted Microsoft Windows users: MIMIKATZ and RADMIN.

“Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory,” the blog post reads:

“Initially appearing unrelated, analysis showed the final payload to be a Monero (XMR) cryptocurrency-mining malware variant[.]”

“Using MIMIKATZ and RADMIN for propagation while exploiting critical vulnerabilities enables malicious actors to spread malware with worm-like behavior to target specific systems in industries without being immediately detected,” Trend Micro concluded about the latest threat:

“Users are advised to regularly download patches from legitimate vendors as soon as they are released.”

The news will likely come as little surprise to cryptocurrency users, who have faced a raft of XMR mining malware threats over the past year.

As Cointelegraph reported, citing two independent research efforts, approximately 4.5 percent of the total XMR in circulation is thought to have been mined by such malware.

Malicious parties favor the altcoin due to its privacy and anonymity, along with the relative ease of mining it on consumer-grade devices, such as laptops and smartphones.

Tags
Related Posts
Cybercriminals Sneak in Crypto Mining Malware via Confluence Software Exploit
Cybercriminals are now reportedly exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc. on May 7. The exploit that has been developed allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, as well as covering up the mining activity by using a rootkit to hide the malware’s network activity and toll on the host’s central processing unit (CPU). According to an Atlassian security advisory, the vulnerability in question only applies to some older versions of Confluence. The …
Altcoin / May 7, 2019
Botnet Exploits SQL Servers to Install Crypto Mining App
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, by also accessing through a trojan known as Gh0st, which relies on a remote access malware. Once the SQL server database is infected, the botnet installs a well-known crypto miner software called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
Altcoin / June 10, 2020
Despite Bear Market, Crypto Mining Malware Tops Threat Index for 13th Month Running
Three strains of crypto mining malware have topped the latest Global Threat Index from Israeli cybersecurity firm Check Point, according to a press release published on Jan. 14. Check Point Software Technologies Ltd. is a security solution provider for governments and enterprises globally, with over 100,000 organizations reported to be currently using its security management system. As reported, stealth crypto mining attacks — also known as cryptojacking — work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Check Point’s Global Threat Index for December 2018, the top …
Altcoin / Jan. 14, 2019
Mining Malware Continues To Dominate Cybersecurity Threats By Seeking Out New Vulnerabilities
Mining malware may now be painfully familiar to anyone with even a passing awareness of cryptocurrency, but so far businesses and consumers alike are failing to significantly curb its growing threat. On May 14, Israeli cybersecurity firm Check Point released its latest Global Threat Index, and for the fifth consecutive month it found that the Coinhive crypto-miner is the "most prevalent malware" in the world, affecting 16 percent of organizations globally. Meanwhile, Santa Clara-based Malwarebytes released its Cybercrime tactics and techniques: Q1 2018 report on April 9, finding that businesses had seen a 27 percent increase in mining malware in …
Altcoin / May 24, 2018
Coinhive Code Found On 300+ Websites Worldwide In Recent Cryptojacking Campaign
The Coinhive crypto mining code has been recently detected on more than 300 government and university websites worldwide, cyber security researcher Troy Mursch reported Saturday, May 5. According to the report, all the affected websites are using a vulnerable version of the Drupal content management system. As the researcher posted on Twitter May 4, he was alerted to this particular campaign via the attack on the websites of the San Diego Zoo, and the government of Chihuahua, Mexico. Both websites reportedly had Coinhive injected into their Javascript libraries in the same way. Coinhive is a JavaScript program created to mine …
United States / May 8, 2018