A new attack uses a combination of known tools to target victims and use their hardware to mine Monero.
A new hacking tool is propagating throughout the online community in an attempt to install cryptocurrency mining malware, researchers at security intelligence firm Trend Micro confirmed in a blog post on Feb. 20.
Detected at the end of January, the tool is a combination of extant threats which previously targeted Microsoft Windows users: MIMIKATZ and RADMIN.
“Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory,” the blog post reads:
“Initially appearing unrelated, analysis showed the final payload to be a Monero (XMR) cryptocurrency-mining malware variant[.]”
“Using MIMIKATZ and RADMIN for propagation while exploiting critical vulnerabilities enables malicious actors to spread malware with worm-like behavior to target specific systems in industries without being immediately detected,” Trend Micro concluded about the latest threat:
“Users are advised to regularly download patches from legitimate vendors as soon as they are released.”
The news will likely come as little surprise to cryptocurrency users, who have faced a raft of XMR mining malware threats over the past year.
As Cointelegraph reported, citing two independent research efforts, approximately 4.5 percent of the total XMR in circulation is thought to have been mined by such malware.
Malicious parties favor the altcoin due to its privacy and anonymity, along with the relative ease of mining it on consumer-grade devices, such as laptops and smartphones.