Security researchers have discovered yet another piece of crypto-jacking malware targeting victims' computers to mine Monero.
Dubbed “Norman,” the malware was discovered by Varonis Security Research. According to the firm, the malware primarily targets computers at mid-sized enterprises to utilize computing power to mine CPU-centric coins like Monero.
“Almost every server and workstation was infected with malware. Most were generic variants of crypto miners. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years,” the researchers noted.
The malware is based on XMRig, which is believed to be a high-performance mining algorithm for Monero.
In addition, to avoid detection, the malware closes its mining process when Task Manager is opened and relaunches the process when it is closed.
“Norman employs evasion techniques to hide from analysis and avoid discovery,” the security company noted.
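The Task Manager behavior described above leaves a recognizable pattern in process telemetry: a process exits just after Task Manager opens and the same image restarts just after it closes. The following is an added detection sketch, not code from the Varonis report or from this article; the event tuples, the placeholder file path, the 5-second window and the two-cycle threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed sample events (not from the Varonis report): (seconds, action, image, pid).
# On Windows these could come from Sysmon process-create (ID 1) and process-terminate (ID 5) records.
EVENTS = [
    (100, "start", r"C:\Windows\System32\svchost.exe", 900),
    (110, "start", r"C:\Users\Public\miner-placeholder.exe", 4100),
    (300, "start", r"C:\Windows\System32\Taskmgr.exe", 5000),
    (301, "stop",  r"C:\Users\Public\miner-placeholder.exe", 4100),
    (360, "stop",  r"C:\Windows\System32\Taskmgr.exe", 5000),
    (362, "start", r"C:\Users\Public\miner-placeholder.exe", 4300),
    (500, "start", r"C:\Windows\System32\notepad.exe", 4400),
    (700, "start", r"C:\Windows\System32\Taskmgr.exe", 5100),
    (701, "stop",  r"C:\Users\Public\miner-placeholder.exe", 4300),
    (702, "stop",  r"C:\Windows\System32\notepad.exe", 4400),  # coincidence, never relaunched
    (750, "stop",  r"C:\Windows\System32\Taskmgr.exe", 5100),
    (753, "start", r"C:\Users\Public\miner-placeholder.exe", 4500),
]

def taskmgr_sessions(events, monitor="taskmgr.exe"):
    """Pair each monitor start with its stop (same pid) -> list of (t_open, t_close)."""
    opened, sessions = {}, []
    for ts, action, image, pid in sorted(events):
        if image.lower().endswith("\\" + monitor):
            if action == "start":
                opened[pid] = ts
            elif pid in opened:
                sessions.append((opened.pop(pid), ts))
    return sessions

def hide_and_relaunch(events, window=5, min_cycles=2):
    """Images that exit within `window` s of Task Manager opening and restart within `window` s of it closing."""
    cycles = Counter()
    for t_open, t_close in taskmgr_sessions(events):
        exited = {img for ts, act, img, _ in events
                  if act == "stop" and t_open <= ts <= t_open + window}
        relaunched = {img for ts, act, img, _ in events
                      if act == "start" and t_close <= ts <= t_close + window}
        for img in exited & relaunched:
            cycles[img] += 1
    return {img: n for img, n in cycles.items() if n >= min_cycles}

if __name__ == "__main__":
    for image, n in hide_and_relaunch(EVENTS).items():
        print(f"{image}: exited/relaunched around Task Manager {n} times")
```

Requiring the pattern to repeat across more than one Task Manager session keeps a single coincidental exit, such as the notepad entry in the sample, from being flagged.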
The malware is based on the PHP programming language and is likely to have originated from a French-speaking country, as the researchers found French variables in the code.
“The malware may have originated from France or another French-speaking country: the SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file,” the report stated.
Monero – a perfect coin for crypto jackers
Monero is one of the favorites of crypto jackers. Unlike Bitcoin or Ethereum, which use GPU-centric processing power, this cryptocurrency can be mined on any device using unutilized CPU power.
Last year, another security research group found more than a hundred pieces of crypto-jacking malware concealed within Flash installers that target computers when users attempt to download the software.
Mobile devices have also become the target of crypto jackers, and Finance Magnates earlier reported that one such piece of malware targeted vulnerable Android devices.