Report: Researchers Discover New Cryptojacking Malware for Mining Monero | BTCMANAGER
Varonis, a data security and analytics company, has discovered new strains of cryptojacking malware that hijack victims' computer resources to mine monero (XMR), along with a mysterious web shell, while investigating the cause of a cryptomining infection for a client. Notable among the detected malware is Norman, a stealthy Monero cryptominer that uses evasion techniques to disguise itself, according to a blog post on August 14, 2019.
Cryptomining Malware Cripples Servers and Workstations
Per the blog post, while investigating a cryptomining infection on one client's systems, the Varonis research team found that almost all of the victim's servers and workstations had been hijacked by the new cryptomining malware, resulting in system slowdowns and unstable applications.
The researchers then manually scanned the company's servers and workstations with the Varonis Data Security Platform and uncovered a large-scale infection consisting mostly of generic cryptominer variants, along with password-dumping tools, PHP shells and more.
Malware Relies on DuckDNS
The team revealed that most of the malware relied on DuckDNS, a dynamic DNS service the attackers used for command and control (C&C) communications, to retrieve configuration settings, or to send messages.
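Because the infection leaned on a single dynamic DNS provider, DNS query logs are a natural place to hunt for it. The script below is an added example, not code from Varonis or from the article: it parses BIND-style query-log lines (a constructed sample is embedded), flags lookups whose name sits under a dynamic DNS apex, and groups the hits by querying host. Only duckdns.org comes from the write-up; the other apex domains, the hostnames and the IP addresses are assumptions for illustration.

```python
"""Flag hosts that resolve dynamic-DNS provider names in DNS query logs."""
import re
from collections import defaultdict

# Dynamic-DNS apex domains to watch. duckdns.org is the one the Varonis
# write-up names; the remaining entries are assumptions added for illustration.
DYNDNS_APEXES = {"duckdns.org", "no-ip.com", "ddns.net", "hopto.org"}

# Constructed sample lines in a BIND-style query-log format (not real data).
SAMPLE_LOG = """\
14-Aug-2019 09:12:01.123 client 10.0.5.21#51234: query: updates.example.com IN A + (10.0.0.2)
14-Aug-2019 09:12:03.456 client 10.0.5.21#51240: query: xmr-pool-01.duckdns.org IN A + (10.0.0.2)
14-Aug-2019 09:12:04.789 client 10.0.5.77#40001: query: cfg-srv.duckdns.org IN A + (10.0.0.2)
14-Aug-2019 09:12:05.000 client 10.0.5.77#40002: query: cfg-srv.duckdns.org IN A + (10.0.0.2)
14-Aug-2019 09:12:09.222 client 10.0.5.90#33333: query: www.example.org IN A + (10.0.0.2)
14-Aug-2019 09:12:10.333 client 10.0.5.90#33334: query: notduckdns.org IN A + (10.0.0.2)
"""

# Pulls the querying client IP, the queried name and the record type out of a line.
LINE_RE = re.compile(
    r"client (?P<src>\d+\.\d+\.\d+\.\d+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def is_dyndns(qname: str) -> bool:
    """True if qname is a watched dynamic-DNS apex or a subdomain of one.

    Matching on label boundaries (rather than substring search) keeps a name
    such as 'notduckdns.org' from being mistaken for 'duckdns.org'.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in DYNDNS_APEXES:
            return True
    return False


def find_dyndns_lookups(log_text: str) -> dict:
    """Map each source IP to the set of dynamic-DNS names it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not query records
        if is_dyndns(m.group("qname")):
            hits[m.group("src")].add(m.group("qname").lower())
    return dict(hits)


if __name__ == "__main__":
    for src, names in sorted(find_dyndns_lookups(SAMPLE_LOG).items()):
        print(f"{src}: {', '.join(sorted(names))}")
```

In practice the hit list is a triage queue, not a verdict: legitimate remote-access and hobbyist setups use dynamic DNS too, so each flagged host still needs its process list and outbound connections checked for the miner and the shell the write-up describes.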
However, one piece of malware, named Norman, stood out from the crowd because of its ability to evade detection.
Varonis says Norman is an XMRig-based cryptominer that has three major phases of deployment: the execution,