The Varonis Security team has just discovered a new kind of cryptojacking virus, according to a Varonis report published on Aug. 14.
Following a thorough analysis of the malware samples it collected, the team found a new variant dubbed “Norman” that is capable of mining the cryptocurrency Monero (XMR) without detection.
To mine a crypto coin like Monero, cybercriminals and hackers usually deploy cryptojacking malware on the machines of unsuspecting users with the intention of using their computing power.
According to the report, Norman is just one amongst many cryptojacking viruses that were found to have infected machines at a certain mid-size company.
In particular, Norman is a high-performance Monero cryptocurrency miner that is based on XMRig. One of Norman’s key attributes is that the moment a user opens Task Manager, it closes the crypto mining process. Once Task Manager closes, Norman relaunches the miner process.
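The stop-on-open, restart-on-close behaviour described above leaves a timing pattern that defenders can look for in process start/stop telemetry. The following is an added example, not code from the Varonis report: the event tuple format, the 10-second window, the two-session threshold and the image name `example_worker.exe` are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

WINDOW = 10  # seconds; assumed correlation window around Task Manager open/close

# Constructed sample events: (epoch_seconds, action, image_name)
EVENTS = [
    (100, "start", "example_worker.exe"),   # hypothetical suspicious process
    (200, "start", "taskmgr.exe"),
    (202, "stop",  "example_worker.exe"),   # exits right after Task Manager opens
    (260, "stop",  "taskmgr.exe"),
    (265, "start", "example_worker.exe"),   # returns right after Task Manager closes
    (300, "start", "notepad.exe"),
    (400, "start", "taskmgr.exe"),
    (401, "stop",  "example_worker.exe"),
    (405, "stop",  "notepad.exe"),          # user-killed, never comes back: benign
    (450, "stop",  "taskmgr.exe"),
    (453, "start", "example_worker.exe"),
]

def taskmgr_sessions(events):
    """Return (opened, closed) timestamps for each completed Task Manager run."""
    sessions, opened = [], None
    for ts, action, image in sorted(events):
        if image.lower() != "taskmgr.exe":
            continue
        if action == "start":
            opened = ts
        elif action == "stop" and opened is not None:
            sessions.append((opened, ts))
            opened = None
    return sessions

def evasive_images(events, window=WINDOW, min_sessions=2):
    """Flag images that exit when Task Manager opens AND restart when it closes."""
    times = defaultdict(lambda: {"start": [], "stop": []})
    for ts, action, image in events:
        if image.lower() != "taskmgr.exe":
            times[image.lower()][action].append(ts)
    sessions = taskmgr_sessions(events)
    hits = {}
    for image, t in times.items():
        matched = sum(
            1 for opened, closed in sessions
            if any(opened <= s <= opened + window for s in t["stop"])
            and any(closed <= s <= closed + window for s in t["start"])
        )
        if matched >= min_sessions:  # repeat matches cut down on coincidences
            hits[image] = matched
    return hits

if __name__ == "__main__":
    print(evasive_images(EVENTS))
```

Requiring the pattern across more than one Task Manager session keeps a process that a user simply ended from Task Manager from being flagged.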
According to Varonis researchers, Norman is based on the PHP programming language and is obfuscated with Zend Guard. Having found French variable and function names in the virus’ code, the researchers suspect that Norman might have originated from a French-speaking country.
The self-extracting archive (SFX) file also contains French comments indicating that Norman’s creator used WinRAR’s French version to create that file.
Another hacking method
Last week, another company uncovered an unnerving update of XMR mining malware. Carbon Black discovered a type of malware dubbed Smominru that is allegedly involved in mining operations and stealing user data. The company fears that hackers might have sold the stolen data on the dark web. It wrote the following in its report:
“This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate, and protect themselves from threats.”