Researchers unearth Stealthy Crypto-Miner “Norman”


The Varonis Security team has discovered a new kind of cryptojacking virus, according to a Varonis report published on Aug. 14.

Following a thorough analysis of the malware samples collected, the team found a new variant dubbed “Norman” that is capable of mining the cryptocurrency Monero (XMR) without detection.

In order to mine a crypto coin like Monero, cybercriminals and hackers usually deploy cryptojacking hardware on the machines of unsuspecting users with the intention of using their computing power.

According to the report, Norman is just one amongst many cryptojacking viruses that were found to have infected machines at a certain mid-size company.

In particular, Norman is a high-performance Monero cryptocurrency miner that is based on XMRig. One of Norman’s key attributes is that the moment a user opens Task Manager, it closes the crypto mining process. Later, after Task Manager closes, Norman relaunches the miner process.
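The stop-when-watched, restart-when-unwatched pattern described above is itself a detection signal. The following is an added example, not code from the Varonis report or this article: it correlates process start and stop events (for instance from process creation and termination logging such as Sysmon event IDs 1 and 5) with Task Manager sessions. The event tuple format, the thresholds and the process name `wuapp_helper.exe` are assumptions made for illustration.

```python
from collections import Counter

WATCHER = "taskmgr.exe"

# Constructed sample events (not from the report): (seconds, action, image).
# "wuapp_helper.exe" is a hypothetical stand-in for the miner's host process.
SAMPLE_EVENTS = [
    (0,   "start", "wuapp_helper.exe"),
    (5,   "start", "notepad.exe"),
    (50,  "start", "calc.exe"),
    (100, "start", "taskmgr.exe"),
    (101, "stop",  "wuapp_helper.exe"),   # dies right after Task Manager opens
    (160, "stop",  "taskmgr.exe"),
    (163, "start", "wuapp_helper.exe"),   # returns right after it closes
    (300, "start", "taskmgr.exe"),
    (302, "stop",  "wuapp_helper.exe"),
    (303, "stop",  "calc.exe"),           # user-closed; never restarts
    (340, "stop",  "taskmgr.exe"),
    (344, "start", "wuapp_helper.exe"),
]

def taskmgr_sessions(events):
    """Pair each Task Manager start with its next stop: [(opened, closed), ...]."""
    sessions, opened = [], None
    for ts, action, image in sorted(events):
        if image.lower() != WATCHER:
            continue
        if action == "start":
            opened = ts
        elif opened is not None:
            sessions.append((opened, ts))
            opened = None
    return sessions

def find_evaders(events, window=5, min_sessions=2):
    """Images that stop within `window` seconds of Task Manager opening and
    start again within `window` seconds of it closing, in >= min_sessions sessions."""
    hits = Counter()
    for opened, closed in taskmgr_sessions(events):
        stopped = {img.lower() for ts, act, img in events
                   if act == "stop" and opened <= ts <= opened + window}
        restarted = {img.lower() for ts, act, img in events
                     if act == "start" and closed <= ts <= closed + window}
        for img in (stopped & restarted) - {WATCHER}:
            hits[img] += 1
    return sorted(img for img, n in hits.items() if n >= min_sessions)

if __name__ == "__main__":
    print(find_evaders(SAMPLE_EVENTS))
```

Requiring the pattern to repeat across several Task Manager sessions keeps a process the user happened to close once (`calc.exe` in the sample) from being flagged.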

According to Varonis researchers, Norman is based on the PHP programming language and is obfuscated with Zend Guard. Having found elements of French variables and functions in the virus’ code, the researchers suspect that Norman might have originated from a French-speaking country.

The self-extracting archive (SFX) file also contains French comments indicating that Norman’s creator used WinRAR’s French version to create that file.

Another hacking method

Last week, another company uncovered an unnerving update to XMR mining malware. Carbon Black discovered a type of malware dubbed Smominru that allegedly is involved in mining operations and in stealing user data. The company fears that hackers might have sold the stolen data on the dark web. It wrote the following in its report:

“This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate, and protect themselves from threats.”

Sources: https://cointelegraph.com/news/researchers-find-monero-mining-malware-that-hides-from-task-manager


About the author

James Lovett

James is a passionate writer on the cryptocurrency industry and other disruptive technologies in the crypto world. He has written several crypto articles for numerous websites and blogs over the years.
