More and more cryptocurrency mining malware continues to hone in on major corporations, hijacking victims to mine altcoin Monero (XMR).
Results from research conducted by a Special Ops team at cybersecurity firm JASK indicated a customized version of trojan Shellbot has become more and more common since it came out in November 2018.
The people behind it, the company confirmed, appear to be a hacker group from Romania known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware places in.
“The toolkit observed [...] in use by the attacker contains three primary components: IRC (Internet Relay Chat) botware for Command and Control (C2), a revenue stream via Monero mining, and a popular scan and brute force tool, haiduc,” JASK relayed.
The most recent threat precisely targets users of devices running Linux. In mid-January, a study from Palo Alto Networks discovered another Monero-mining malware targeting Linux users that could disable cloud-based security measures to escape detection.
These “cryptojacking attacks” — putting in malware which secretly mines cryptocurrency on a victim’s device — have become more widespread over the past year.
Malware detections rose by almost 500 percent in the first half of 2018, while a survey in August 2018 relayed that in the United Kingdom alone, over half of businesses had been impacted by cryptojacking at some point.