A malware family called Rarog (a fire demon that originates in Slavic mythology) is becoming an appealing and affordable tool for hackers to launch cryptocurrency mining attacks, researchers say. They say the cryptocurrency miner Trojan is low priced, easily configurable and supports multiple cryptocurrencies, making it an appealing choice for hackers.
The Rarog Trojan has been sold on various underground forums since June 2017, and countless cybercriminals have used it to compromise many victims.
Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, said the malware comes equipped with a number of features that give attackers the ability to download mining software and configure it with whatever parameters they wish. The Trojan has been primarily used to mine the Monero cryptocurrency, but it has the capability to mine other cryptocurrencies as well, according to the report.
This cryptomining Trojan ships with a variety of features, including providing mining statistics to users, configuring various processor loads for the running miner, the ability to infect USB devices and the ability to load additional dynamic-link libraries (DLLs) on the victim.
Researchers added that to date, there are roughly 2,500 unique samples in the wild, connecting to 161 different command-and-control (C&C) servers. The firm has confirmed more than 166,000 Rarog-related infections worldwide, mostly in the Philippines, Russia and Indonesia.
“The Rarog malware family represents a continued trend toward the use of cryptocurrency miners and their demand on the criminal underground,” said Unit 42’s post. “While not incredibly sophisticated, Rarog provides an easy entry for many criminals into running a cryptocurrency mining (operation). The malware has remained relatively unknown for the past nine months barring a few exceptions.”
In addition to coin mining, Rarog also employs a number of botnet techniques, including the ability to download and execute other malware, levying distributed denial-of-service (DDoS) attacks against others and updating the Trojan, to name a few.