New Instance of Monero Malware Sees Cryptojackers Target Linux Users

Published at: Feb. 6, 2019

More cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero (XMR), new research warned on Feb. 5.

Findings from the Special Ops team at United States cybersecurity company JASK reveal a modified version of trojan Shellbot has become increasingly prevalent since its debut in November last year.

The perpetrators, the company says, appear to be a Romanian hacker group known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware installs.

“The toolkit observed [...] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK confirmed.

The latest threat specifically targets users of devices running Linux. In mid-January, research from Palo Alto Networks found another Monero-mining malware targeting Linux users that had the ability to disable cloud-based security measures to avoid detection.

As Cointelegraph reported, so-called “cryptojacking attacks” — installing malware which secretly mines cryptocurrency on a victim’s device — have become considerably more widespread over the past year.

Malware detections shot up almost 500 percent in the first half of 2018, while a survey in August 2018 claimed that in the United Kingdom alone, over half of businesses had been affected by cryptojacking at some point.

This year, separate statistics suggested that around 4.4 percent of all XMR in circulation came from nefarious sources.

Tags
Related Posts
Botnet Exploits SQL Servers to Install Crypto Mining App
Recent reports revealed that a group of hackers behind the Kingminer botnet targeted vulnerable Microsoft SQL server databases to mine cryptocurrencies at some point in the second week of June. According to the cybersecurity firm Sophos, the attackers used the botnet, active since 2018, to exploit the BlueKeep and EternalBlue vulnerabilities, by also accessing through a trojan known as Gh0st, which relies on a remote access malware. Once the SQL server database is infected, the botnet installs a well-known crypto miner software called XMRig, which mines Monero (XMR). There are no details as of press time regarding how many systems …
Altcoin / June 10, 2020
Researchers Find Monero Mining Malware That Hides From Task Manager
Cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed “Norman,” that aims to mine the cryptocurrency Monero (XMR) and evade detection. Varonis published a report about Norman on Aug.14. According to the report, Varonis found Norman as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company. Hackers and cybercriminals deploy cryptojacking hardware to use the computing power of unsuspecting users’ machines to mine cryptocurrencies like the privacy oriented coin Monero. Norman in particular is a crypto miner based on XMRig, which is described in the report as a high-performance miner for Monero …
Altcoin / Aug. 14, 2019
Trend Micro: Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner
Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13. Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.” Trend Micro also believes that the creators of the malware in question are …
Altcoin / June 13, 2019
Despite Bear Market, Crypto Mining Malware Tops Threat Index for 13th Month Running
Three strains of crypto mining malware have topped the latest Global Threat Index from Israeli cybersecurity firm Check Point, according to a press release published on Jan. 14. Check Point Software Technologies Ltd. is a security solution provider for governments and enterprises globally, with over 100,000 organizations reported to be currently using its security management system. As reported, stealth crypto mining attacks — also known as cryptojacking — work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Check Point’s Global Threat Index for December 2018, the top …
Altcoin / Jan. 14, 2019
Malware on Official Monero Website Can Steal Crypto: Investigator
The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team. The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes. The software was malicious On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating: “I can confirm that …
Altcoin / Nov. 19, 2019