Researchers Find Anti-Detection Monero Mining Malware

Thursday, 15/08/2019 | 09:34 GMT by Arnab Shome
  • The malware targets mostly mid-sized enterprises.

Security researchers have discovered yet another piece of crypto-jacking malware targeting victims' computers to mine Monero.

Dubbed “Norman,” the malware was discovered by Varonis Security Research. According to the firm, the malware primarily targets computers at mid-sized enterprises to utilize computing power to mine CPU-centric coins like Monero.

“Almost every server and workstation was infected with malware. Most were generic variants of crypto miners. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years,” the researchers noted.

The malware is based on XMRig, which is believed to be a high-performance mining algorithm for Monero.

In addition, to avoid detection, the malware closes its mining process when Task Manager is opened and relaunches the process when it is closed.

“Norman employs evasion techniques to hide from analysis and avoid discovery,” the security company noted.
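The Task Manager-aware behaviour described above is also a detection opportunity: a process that terminates moments after Taskmgr.exe starts and reappears moments after Taskmgr.exe exits is behaving unlike ordinary software. The following is an added example, not code from the Varonis report or from the article, that runs such a correlation over constructed Sysmon-style process start/stop events; the image paths, PIDs and timestamps are made up for the example.

```python
# Added example (not from the Varonis report or the article): flag processes
# that stop shortly after Task Manager opens AND start again shortly after it
# closes, using constructed process start/stop events in the style of Sysmon
# Event ID 1 (process create) and Event ID 5 (process terminate).
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event type, image path, pid).
SAMPLE_EVENTS = [
    ("2019-08-15T09:00:00", "start", "C:\\Users\\Public\\svchost.exe", 4120),  # miner, lookalike name
    ("2019-08-15T09:00:01", "start", "C:\\Windows\\System32\\notepad.exe", 2210),
    ("2019-08-15T09:10:00", "start", "C:\\Windows\\System32\\Taskmgr.exe", 5300),
    ("2019-08-15T09:10:02", "stop",  "C:\\Users\\Public\\svchost.exe", 4120),
    ("2019-08-15T09:12:30", "stop",  "C:\\Windows\\System32\\Taskmgr.exe", 5300),
    ("2019-08-15T09:12:33", "start", "C:\\Users\\Public\\svchost.exe", 4388),
    ("2019-08-15T09:20:00", "stop",  "C:\\Windows\\System32\\notepad.exe", 2210),
]

TASKMGR = "taskmgr.exe"


def _basename(image):
    return image.lower().rsplit("\\", 1)[-1]


def detect_taskmgr_evasion(events, window_seconds=10):
    """Return image paths that die right after Taskmgr.exe starts and
    relaunch right after Taskmgr.exe stops, within window_seconds."""
    parsed = sorted((datetime.fromisoformat(ts), kind, img, pid)
                    for ts, kind, img, pid in events)
    window = timedelta(seconds=window_seconds)
    died_on_open, revived_on_close = set(), set()
    for i, (ts, kind, img, _pid) in enumerate(parsed):
        if _basename(img) != TASKMGR:
            continue
        # Inspect the events that follow this Task Manager start/stop.
        for ts2, kind2, img2, _pid2 in parsed[i + 1:]:
            if ts2 - ts > window:
                break
            if _basename(img2) == TASKMGR:
                continue
            if kind == "start" and kind2 == "stop":
                died_on_open.add(img2)
            elif kind == "stop" and kind2 == "start":
                revived_on_close.add(img2)
    # Requiring both halves of the pattern keeps ordinary process churn out.
    return sorted(died_on_open & revived_on_close)


if __name__ == "__main__":
    print(detect_taskmgr_evasion(SAMPLE_EVENTS))  # ['C:\\Users\\Public\\svchost.exe']
```

Feeding real Sysmon process-create and process-terminate events into `detect_taskmgr_evasion` is enough to surface this pattern; tune `window_seconds` to how quickly the observed sample reacts.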

The malware is based on the PHP programming language and is likely to have originated from a French-speaking country, as the researchers found French variables in the code.

“The malware may have originated from France or another French-speaking country: the SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file,” the report stated.

Monero - a perfect coin for crypto jackers

Monero is one of the favorites of crypto jackers. Unlike Bitcoin or Ethereum, which use GPU-centric processing power, this cryptocurrency can be mined on any device using unutilized CPU power.

Last year, another security research group found more than a hundred pieces of crypto-jacking malware concealed within Flash installers that target computers when users attempt to download the software.

Mobile devices have also become the target of crypto jackers, and Finance Magnates earlier reported that one such piece of malware targeted vulnerable Android devices.