Monero (XMR) Mining Malware Is Targeting China And Taiwan Companies

Another day, another Monero malware on the loose.

It was reported not too long ago that Monero has been mined again, and this time a huge name is involved: Microsoft.

A new report from Symantec revealed that eight cryptojacking apps had been removed from the Microsoft Store after they were detected as malicious back in January.

Trend Micro brings new malware mining reports

Trend Micro researchers have just reported a surge in installation attempts of a hack tool that exploits a Windows SMB Server vulnerability.

This vulnerability has reportedly been patched since 2017, and according to the experts, the targets are now organizations located in China, Hong Kong, Taiwan, and Italy.

It seems that enterprise-level resources are perfect for the final payload of the campaign, which is an XMR miner.

Technadu writes that “attackers use the Mimikatz utility to view the credential information in the infected machine (passwords, Kerberos tickets, etc.), combined with the Radmin remote access tool. This combination empowers them to infect the device with the mining payload remotely.”

The online publication also reveals a diagram.

[Image: Monero malware diagram]

The malware can be downloaded via infected websites

The malware can be downloaded via infected websites, and other malware tools can also fetch it.

If you’re wondering how this works, it scans the host system and even deletes versions so that the performance of the infection is as high as possible.

The XMR miner is encrypted, and so are all the other information-collecting tools that the malware downloads onto the victim machine.

The malware itself can also download some of the modules, while others are sent to the machine via the Radmin tool.

The same online publication notes that according to Trend Micro, “the patch that plugs the remote code execution vulnerability that this campaign is exploiting was released in March 2017, so if you’re using SMBv1 (Microsoft Server Message Block) and you have not applied the patch yet, you should do so immediately.”
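
The following PowerShell audit is an added example, not code from Trend Micro or from this article. It reports whether a Windows host still accepts SMBv1 and whether its newest installed update predates the March 2017 fix mentioned above. Get-Smb1Exposure is a hypothetical helper name, and the update-date comparison is only a heuristic for "certainly unpatched".

```powershell
# Added example: audit a Windows host for SMBv1 exposure. Run from an elevated prompt.
# Get-Smb1Exposure is a hypothetical helper name; the cmdlets it calls are built in.
function Get-Smb1Exposure {
    [CmdletBinding()]
    param(
        # The article dates the fix to March 2017; a host whose newest update is
        # older than that cannot have it installed.
        [datetime]$PatchReleased = '2017-03-01'
    )
    $report = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        ServerSmb1   = 'unknown'   # does the local SMB server accept SMBv1?
        Smb1Feature  = 'unknown'   # state of the SMB1Protocol optional feature
        NewestUpdate = $null       # install date of the most recent hotfix
        Verdict      = $null
    }
    try {
        $report.ServerSmb1 = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch { Write-Verbose "SMB server configuration unavailable: $_" }
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $report.Smb1Feature = "$($feature.State)"
    } catch { Write-Verbose "Optional feature query failed: $_" }

    # Some hotfix records carry no install date, so filter those out first.
    $newest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($newest) { $report.NewestUpdate = $newest.InstalledOn }

    $undetermined = ($report.ServerSmb1 -eq 'unknown') -and ($report.Smb1Feature -eq 'unknown')
    $smb1On = ($report.ServerSmb1 -eq $true) -or ($report.Smb1Feature -eq 'Enabled')
    $tooOld = $report.NewestUpdate -and ($report.NewestUpdate -lt $PatchReleased)

    $report.Verdict =
        if ($undetermined) { 'Undetermined: rerun from an elevated prompt' }
        elseif (-not $smb1On) { 'SMBv1 is disabled' }
        elseif ($tooOld) { 'SMBv1 enabled and no update since before March 2017: patch now' }
        else { 'SMBv1 enabled: confirm the March 2017 fix is installed, then disable SMBv1' }

    [pscustomobject]$report
}

Get-Smb1Exposure | Format-List

# Remediation once the audit flags a host (both are built-in cmdlets):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

A recent update date does not prove the fix is present, so treat any verdict other than "SMBv1 is disabled" as a prompt to check the host's patch inventory.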

It seems that China and Taiwan received the most significant number of installation attempts.

If you want to find out more details, especially technical ones, regarding all of this, we recommend that you head over to Trend Micro’s report.



Eduard Watson Author

An experienced finance writer for more than 10 years, active industry watcher, and gadget enthusiast.
