Researchers Find Anti-Detection Monero Mining Malware

Another crypto jacking malware has been discovered by security researchers which target victims computers to mine Monero and even conceal itself from getting detected.
Dubbed “Norman,” the malware was discovered by the Varonis Security Research. According to the firm, the malware is primarily targeting computers at mid-sized enterprises to utilize computing power to mine CPU-centric coins like Monero.

“Almost every server and workstation was infected with malware. Most were generic variants of crypto miners. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years,” the researchers noted.
The malware is based on XMRig, which is believed to a high-performance mining algorithm for Monero.
In addition, to avoid any detection, the malware closes its mining process when Task Manager is opened and relaunches the process when it is closed.
“Norman employs evasion techniques to hide from analysis and avoid discovery,” the security company noted.
The malware is based on the PHP programming language and is likely to have originated from a French-speaking country, as the researchers found french variables in the code.
“The malware may have originated from France or another French-speaking country: the SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file,” the report stated.
Monero – a perfect coin for crypto jackers
Monero is . Unlike Bitcoin or Ethereum which are GPU-centric processing power, this cryptocurrency can be mined on any device using the unutilized CPU power.
Last year, another security research group found, concealed within Flash installers which target computers when the users attempt to download the software.
Mobile devices have also become the target of crypto jackers as that one of such malware was targeting vulnerable Android devices.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *