Another day, another Monero malware on the loose.
It was reported not too long ago that Monero has been mined again and this time a huge name is involved: Microsoft.
A new report coming from Symantec revealed that eight cryptojacking apps had been removed from the Microsoft Store after they have been detected as being malicious back in January.
Trend Micro brings new malware mining reports
Trend Micro researchers have just reported that there’s been a surge in a hack tool installation attempts that exploits a Windows SMB Server vulnerability.
This has been reportedly pathed since 2017, and now, according to experts the targets are organizations located in China, Hong Kong, Taiwan, and Italy.
It seems that the enterprise-level resources are perfect for the final payload of the campaign which is an XMR miner.
Technadu writes that “attackers use the Mimikatz utility to view the credential information in the infected machine (passwords, Kerberos tickets, etc.), combined with the Radmin remote access tool. This combination empowers them to infect the device with the mining payload remotely.”
The online publication also reveals a diagram.
The malware can be downloaded via infected websites
The malware can be downloaded via infected websites and other malware tools can also fetch it.
If you’re wondering how this works, it scans the host system and even deleted versions so that the performance on the infection is as highest as possible.
The XMR miner is encrypted and so is all the other info collecting tools that are downloaded by the malware of the victim machine.
The malware itself can also download some of the modules and others are sent to the machine via the Radmin tool.
The same online publication notes that according to Trend Micro, “the patch that plugs the remote code execution vulnerability that this campaign is exploiting was released in March 2017, so if you’re using SMBv1 (Microsoft Server Message Block) and you have not applied the patch yet, you should do so immediately.”
It seems that China and Taiwan received the most significant number of installation attempts.
If you want to find out more details especially tech ones regarding all of this we recommend that you head over to Trend Micro’s report.