Categories: Ad Guardian PlusNews

Malware campaign mining for Monero

Researchers discovered a new malware campaign mining for Monero. This is a cryptocurrency and the campaign deploys miner on Windows installations.

In order to avoid detection, it is using the hollowing technique. This covers up a process behind a secondary process. In order to trigger the malicious processes, the campaign needs a value that is passed between the programs (arguments).

How does it avoid detection?

Trend Micro‘s security experts noticed an increase in Monero mining malware lately. The most recent campaign used process hollowing and a dropper component. A dropper is a malicious software which installs other malware components on the infected machines. The dropped file itself evaded detection as it did not appear malicious for the security solutions. But, with the right argument, it would start mining for the Monero cryptocurrency. The campaign was active in many countries. But the attackers preffered Kuwait, Pakistan, India, Thailand, Brazil, Bangladesh, and the United Arab Emirates. The experts mentioned that its most active period begun in early November.

The way it works

The dropper, which is a 64-bit binary packed with malicious code, checks for certain arguments. Then, it verifies them after unpacking. The banes if the functions it used for malicious processes are quite unclear. But researchers say that: “Once executed with the correct arguments, the dropper drops and executes wakecobs.exe, a child process that will be created in a suspended state. Its memory will be unmapped and the dropper will then inject the malicious code onto it: an XMRig miner that runs unnoticed in the background.”

Security specialists believe that the malware campaign mining for Monero may have emerged at a time when cryptomining activities are on the decline. And they believe this happened due to the lesser number of competitors.

Other cybercriminals can easily take over this technique, they say. Thus, they advise organizations to implement appropriate measures to ensure that such threats do not compromise their resources.

Laurentiu Titei

Recent Posts

Fujitsu ScanSnap S1300i Driver Download for Windows 11/10

Despite being replaced by the ScanSnap iX1300 scanner, the Fujitsu ScanSnap S1300i remains a highly…

1 hour ago

How to Activate Windows Security on Your Device: Windows 11 and 10

The 2025 Microsoft Vulnerabilities Report stated that the security risks for Windows systems reached a…

11 hours ago

Epson L5290 Driver Download and Install for Windows 11 and 10

Epson L5290 is recognized as a good all-in-one printer. This EcoTank printer is especially praised…

11 hours ago

0x80370114 The Operation Could Not Be Started Because a Required Feature Is Not Installed

Are you unable to access the Linux environment, as a required feature, typically the Virtual…

1 day ago

How to Make Google Docs Dark Mode

Being writers, we spend a lot of time on Google Docs, writing these tech guides…

1 day ago

How to Pin Your Favorite Contacts to the Taskbar on Windows PC

Imagine one-click access to the people you communicate with most, directly from your computer’s Taskbar.…

2 days ago