Researchers Find Anti-Detection Monero Mining Malware

by Arnab Shome
  • The malware mostly targets mid-sized enterprises.

Security researchers have discovered yet another piece of crypto-jacking malware that takes over victims' computers to mine Monero.

Dubbed “Norman,” the malware was discovered by Varonis Security Research. According to the firm, the malware primarily targets computers at mid-sized enterprises and uses their computing power to mine CPU-friendly coins such as Monero.

“Almost every server and workstation was infected with malware. Most were generic variants of crypto miners. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years,” the researchers noted.

The malware is based on XMRig, an open-source, high-performance CPU miner for Monero that is widely repurposed by crypto-jacking campaigns.

In addition, to avoid detection, the malware terminates its mining process when Task Manager is opened and relaunches it once Task Manager is closed, so a user looking for a CPU hog sees nothing unusual.
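That trick defeats a casual look at Task Manager, but it leaves a distinctive pattern in endpoint telemetry: a process whose terminations line up with Task Manager starting and whose restarts line up with Task Manager exiting. The script below is an added example of that correlation, not code from the Varonis report; the event list (shaped loosely like Sysmon process-create and process-terminate records), the five-second window, the two-cycle threshold and the miner image name `updater.exe` are all constructed assumptions.

```python
"""Flag processes that repeatedly exit when Task Manager opens and restart
when it closes.  Added illustration; not code from the Varonis report."""
from collections import defaultdict

TASKMGR = "taskmgr.exe"
WINDOW_SECONDS = 5.0   # assumed: how soon after a Task Manager event we correlate
MIN_CYCLES = 2         # assumed: cycles needed before we flag a process

# Constructed sample telemetry: (timestamp_seconds, action, image_name).
# "updater.exe" is a hypothetical miner name; chrome.exe and notepad.exe are
# benign noise, one of which coincidentally exits right after Task Manager opens.
SAMPLE_EVENTS = [
    (0,   "create",    "updater.exe"),
    (10,  "create",    "taskmgr.exe"),
    (11,  "terminate", "updater.exe"),
    (12,  "terminate", "chrome.exe"),
    (40,  "terminate", "taskmgr.exe"),
    (42,  "create",    "updater.exe"),
    (100, "create",    "taskmgr.exe"),
    (101, "terminate", "updater.exe"),
    (130, "terminate", "taskmgr.exe"),
    (131, "create",    "updater.exe"),
    (200, "create",    "notepad.exe"),
    (205, "terminate", "notepad.exe"),
]


def _within(t, anchors, window):
    """True if t falls within `window` seconds after any anchor timestamp."""
    return any(0 <= t - a <= window for a in anchors)


def find_taskmgr_dodgers(events, window=WINDOW_SECONDS, min_cycles=MIN_CYCLES):
    """Return image names that exited shortly after Task Manager started and
    started shortly after Task Manager exited, at least `min_cycles` times each."""
    events = sorted(events)
    tm_opens = [t for t, act, img in events if img.lower() == TASKMGR and act == "create"]
    tm_closes = [t for t, act, img in events if img.lower() == TASKMGR and act == "terminate"]

    exits_after_open = defaultdict(int)
    starts_after_close = defaultdict(int)
    for t, act, img in events:
        name = img.lower()
        if name == TASKMGR:
            continue
        if act == "terminate" and _within(t, tm_opens, window):
            exits_after_open[name] += 1
        elif act == "create" and _within(t, tm_closes, window):
            starts_after_close[name] += 1

    # Both halves of the cycle must recur; a single coincidence is not enough.
    return sorted(
        name for name in exits_after_open
        if exits_after_open[name] >= min_cycles
        and starts_after_close[name] >= min_cycles
    )


if __name__ == "__main__":
    print("suspected Task Manager dodgers:", find_taskmgr_dodgers(SAMPLE_EVENTS))
```

The threshold matters: chrome.exe happens to exit two seconds after Task Manager opens once, and a one-sided, single-occurrence rule would flag it. Requiring both the exit-after-open and start-after-close halves of the cycle, each more than once, keeps the rule specific to the evasion behaviour described above.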

“Norman employs evasion techniques to hide from analysis and avoid discovery,” the security company noted.

The malware is written in PHP and likely originated from a French-speaking country, as the researchers found French variable names in the code.

“The malware may have originated from France or another French-speaking country: the SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file,” the report stated.

Monero - a perfect coin for crypto-jackers

Monero is one of the favorites of crypto-jackers. Unlike Bitcoin or Ethereum, which can only be mined competitively on specialized hardware (ASICs for Bitcoin, GPUs for Ethereum), Monero uses a proof-of-work designed to be CPU-friendly, so it can be mined at a useful rate with spare CPU cycles on ordinary servers and workstations, which is exactly the hardware an infected enterprise fleet provides.

Last year, another security research group found more than a hundred pieces of crypto-jacking malware concealed within Flash installers, which infect computers when users attempt to download the software.

Mobile devices have also become a target of crypto-jackers, and Finance Magnates earlier reported that one such piece of malware targeted vulnerable Android devices.
