The American cybersecurity company Varonis has discovered a cunning Monero malware miner. "Norman" is particularly good at making itself invisible, and once again proves that Monero (XMR) fully lives up to its reputation as a privacy coin.
By Christopher Klee
16 August 2019
An American IT security company has discovered a new piece of malicious software that secretly mines the cryptocurrency Monero (XMR) on the devices it infects. Its discoverers christened the malware miner "Norman"; it is said to be particularly adept at hiding.
Norman was discovered by the American cyber security firm Varonis. The company published its findings in a blog post on 14 August. The IT experts found the virus in the network of a corporate customer whose environment, it turned out, had already been teeming with mining malware beforehand.
Almost every server and every workstation was infected with malware. Most of them were generic versions of crypto-miners. Some were password-dumping tools, others hidden PHP shells, and others had been present for several years. We passed our findings on to the customer, removed the malware from its environment and stopped the infection.
Of all the crypto-miner samples we found, one stood out. We called it "Norman",
reads the company's blog post. What sets Norman apart from its criminal competition is its ability to remain undetected. The malware, which is based on the open-source Monero miner XMRig, first creates an infected copy of the Windows system process svchost.exe. On execution, Norman injects itself into the explorer.exe of the Windows user. After that, the malware injects itself into the process wuapp.exe, which is normally responsible for Windows Update.
Particularly insidious: when the Task Manager is opened, wuapp.exe closes automatically. This lets Norman evade an initial, superficial check by the user. The researchers have not yet been able to determine Norman's origin; so far there are only indications that the perpetrator used a French-language version of the compression software WinRAR.
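The Task Manager trick described above is itself a detectable behaviour: a process that reliably dies within seconds of taskmgr.exe starting and reappears shortly after taskmgr.exe exits is behaving unlike any legitimate Windows Update component. The following Python script is an added example, not code from the article or from Varonis, that correlates process start/stop events to flag exactly that pattern. The log format, the sample events and the time windows (5 s to die, 30 s to come back, at least two such sessions) are assumptions for illustration; in practice the events would come from Sysmon (IDs 1 and 5) or a comparable EDR feed, and a real rule would additionally compare the image path against the genuine System32 binary.

```python
"""Flag processes that die when Task Manager starts and return when it exits."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass
class Event:
    ts: datetime
    kind: str    # "start" or "stop"
    image: str   # executable name as logged, lower-cased
    pid: int


# Constructed sample telemetry (not real data from the Varonis investigation),
# loosely modelled on Sysmon process-create / process-terminate events.
# wuapp.exe stops one second after every taskmgr.exe start and is restarted a
# few seconds after taskmgr.exe exits; notepad.exe is normal user activity.
SAMPLE_LOG = """\
2019-08-14T10:00:00 start explorer.exe 1204
2019-08-14T10:00:05 start wuapp.exe 3320
2019-08-14T10:01:00 start notepad.exe 4012
2019-08-14T10:15:30 start taskmgr.exe 5100
2019-08-14T10:15:31 stop wuapp.exe 3320
2019-08-14T10:16:00 stop notepad.exe 4012
2019-08-14T10:16:10 stop taskmgr.exe 5100
2019-08-14T10:16:14 start wuapp.exe 3388
2019-08-14T11:00:00 start taskmgr.exe 5222
2019-08-14T11:00:01 stop wuapp.exe 3388
2019-08-14T11:00:40 stop taskmgr.exe 5222
2019-08-14T11:00:43 start wuapp.exe 3410
"""


def parse_log(text: str) -> List[Event]:
    """Parse 'timestamp kind image pid' lines into Events sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, image, pid = line.split()
        events.append(Event(datetime.fromisoformat(ts), kind, image.lower(), int(pid)))
    return sorted(events, key=lambda e: e.ts)


def taskmgr_sessions(events: List[Event]) -> List[Tuple[datetime, datetime]]:
    """Pair each taskmgr.exe start with its matching stop (same pid)."""
    sessions = []
    open_starts: Dict[int, datetime] = {}
    for e in events:
        if e.image != "taskmgr.exe":
            continue
        if e.kind == "start":
            open_starts[e.pid] = e.ts
        elif e.kind == "stop" and e.pid in open_starts:
            sessions.append((open_starts.pop(e.pid), e.ts))
    return sessions


def find_taskmgr_aware(events: List[Event],
                       stop_window: timedelta = timedelta(seconds=5),
                       restart_window: timedelta = timedelta(seconds=30),
                       min_sessions: int = 2) -> List[str]:
    """Return image names that, in at least `min_sessions` Task Manager
    sessions, stopped within `stop_window` of taskmgr.exe starting and
    started again within `restart_window` of taskmgr.exe exiting."""
    hits: Dict[str, int] = {}
    for t_start, t_stop in taskmgr_sessions(events):
        died = {e.image for e in events
                if e.kind == "stop" and e.image != "taskmgr.exe"
                and t_start <= e.ts <= t_start + stop_window}
        for image in died:
            reborn = any(e.kind == "start" and e.image == image
                         and t_stop <= e.ts <= t_stop + restart_window
                         for e in events)
            if reborn:
                hits[image] = hits.get(image, 0) + 1
    return sorted(img for img, n in hits.items() if n >= min_sessions)


if __name__ == "__main__":
    for image in find_taskmgr_aware(parse_log(SAMPLE_LOG)):
        print(f"Task-Manager-aware process: {image}")
```

Requiring the pattern across two or more sessions keeps a single coincidental exit (a user closing an application right after opening Task Manager) from raising an alert, while still catching a miner that does this every time. The rule keys on behaviour rather than the name, so it would also catch the same trick under a different process name.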
Malware mining for Monero is widespread
There is a reason why the privacy coin Monero, of all coins, is so well suited to malware mining attacks. XMR transactions, for example, are hard to trace thanks to ring signatures and decoys. Added to this is the fact that XMR is fungible. One consequence is that individual Monero units (or addresses) cannot be blacklisted because they are, say, associated with illegal activity. The latter is observed more and more often in connection with Bitcoin exchange hacks: blockchain analysis companies can track stolen BTC by keeping an eye on the Bitcoin addresses of the alleged perpetrators. Unlike with Monero, exchanges therefore have the option of preventing stolen BTC from being sold on their platforms. Whether they always do so is, of course, another question.
The crypto journalist Dovey Wan, for example, recently published Bitcoin addresses of the alleged masterminds behind the Plus Token project. Apparently, larger amounts of the estimated 200,000 stolen BTC are currently on the move.
How did I get these addresses? These were the ones Plus Token ppl posted in their own chats for new members to send coins over, and are the only ones, in Chinese chat, I can find
they also have branches in Korea, Japan and Malaysia AFAIK, which I have no visibility into https://t.co/Is20VzzPgb
— Dovey Wan