New Monero-Mining Malware Hides from Task Manager
Hidden mining is still a threat in 2019, and this time, the process has been hidden from detection, bypassing Task Manager.
Varonis Security Research recently discovered a new strain of mining malware, able to disguise the mining for Monero (XMR) and similar CryptoNote assets on consumer electronics or networks. The virus received the moniker Norman, and apparently infected an entire company network.
“We found a large-scale infection of cryptominers; almost every server and workstation in the company was infected,” shared Varonis.
The infection spread to almost all devices within the company over the course of a year. The Norman malware also showed a new form of sophistication, by avoiding analysis and detection, and being invisible to Task Manager. The virus achieves this by shutting down whenever Task Manager attempts to list all processes, and then relaunches its process.
Users on the network saw the usual observable effects of a crypto miner - slowed down network and system performance overall.
Varonis was hired to explore abnormal network activity when it discovered the virus. The researchers went through the system manually to be able to detect the malware. The new discovery reveals that hidden mining is not gone, but may be evolving. In the past year, in-browser mining and other hidden Monero mining viruses became less of a threat, as asset prices fell.
Monero (XMR) currently trades at $79.79, far from peak prices, but still a promising price range. For now, XMR seems to be the most suitable CryptoNote coin to mine, as other assets have rock-bottom prices or low liquidity.
XMR mining is also accessible due to the network’s dedication to disabling ASIC rigs. This means that the Monero hashrate remains low at around 377 MH/s, allowing for any infected electronics to compete and produce blocks.
At one point, disguised Monero-mining ASIC boosted the hashrate, but the team decided on an upgrade to disable the machines. Since then, XMR is minable once again through GPU and CPU, giving new chances to malware.