
Intelligent crypto mining malware bypasses antivirus and extracts Monero

Recently a new type of crypto mining malware has been discovered that manages to bypass cloud-based antivirus and install software that mines Monero (XMR).

Two Palo Alto Networks researchers published a detailed article on how a new type of crypto mining malware, originating from the “Rocke group”, targets cloud-based infrastructure.

It takes control of the machine, uninstalls the antivirus and installs software to mine Monero, all without being noticed.


The researchers found that the crypto malware can uninstall at least five cloud-based antivirus products for Linux servers, including those of Alibaba and Tencent. In addition, the crypto-malware follows the guided uninstallation procedure described in the vendor's manual.
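As an added example, not code from the article or from the researchers' report, the following small detector correlates the two behaviours described above on a Linux host: removal of a cloud antivirus agent followed shortly by the start of a process that looks like a Monero miner. The log format, the agent package names and the miner indicators are assumptions, and the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed (hypothetical) package names of cloud antivirus agents and strings that
# typically appear on a Monero miner's command line; adjust to your environment.
AV_AGENT_PACKAGES = {"cloud-av-agent", "host-security-agent"}
MINER_INDICATORS = ("stratum+tcp://", "stratum+ssl://", "xmrig", "cryptonight")
WINDOW = timedelta(minutes=30)  # how soon after the uninstall a miner start is suspicious

# Constructed audit-style lines: "<ISO time> <host> <event> <detail>" (not real data).
SAMPLE_LOG = """\
2018-12-01T10:00:01 web01 pkg_remove name=cloud-av-agent
2018-12-01T10:00:04 web01 proc_start cmd=/tmp/miner -o stratum+tcp://pool.invalid:3333 -u WALLET_PLACEHOLDER
2018-12-01T09:30:00 web02 proc_start cmd=/usr/bin/python3 /srv/app.py
2018-12-01T11:00:00 web02 pkg_remove name=cloud-av-agent
2018-12-01T11:05:00 web02 proc_start cmd=/usr/bin/vim /etc/hosts
2018-12-01T12:00:00 web03 proc_start cmd=/opt/xmrig/xmrig --url stratum+tcp://pool.invalid:4444
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (pkg_remove|proc_start) (.*)$")

def parse(log_text):
    """Parse audit lines into (time, host, event, detail) tuples sorted by time."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in an unexpected format instead of aborting the scan
        ts, host, event, detail = m.groups()
        events.append((datetime.fromisoformat(ts), host, event, detail))
    return sorted(events)

def detect(log_text):
    """Flag hosts where an AV agent removal is followed within WINDOW by a miner-like process."""
    by_host = {}
    for ev in parse(log_text):
        by_host.setdefault(ev[1], []).append(ev)
    alerts = []
    for host, events in by_host.items():
        removals = [(t, d.split("=", 1)[1]) for t, _, e, d in events
                    if e == "pkg_remove" and d.split("=", 1)[1] in AV_AGENT_PACKAGES]
        for t_rm, pkg in removals:
            for t, _, e, d in events:
                if (e == "proc_start" and t_rm <= t <= t_rm + WINDOW
                        and any(i in d.lower() for i in MINER_INDICATORS)):
                    alerts.append({"host": host, "removed_agent": pkg, "command": d[len("cmd="):]})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Only web01 is flagged: web02 removed the agent but started no miner, and web03 started a miner without any agent removal, which a separate miner-only rule would have to catch.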

All this is possible by exploiting vulnerabilities in Apache Struts 2, Oracle WebLogic and Adobe ColdFusion, through which an “a7.” script is downloaded that triggers the procedure.

This crypto-malware was first discovered in August by Cisco’s Talos Intelligence Group, and since then it has been updated continually, infecting other machines.

Another cyber security company, Check Point Software Technologies, also noticed in November an evolution of the malware that mines Monero.

In fact, Monero remains the cryptocurrency preferred by hackers and, as a report by researchers at the Universidad Carlos III de Madrid and King’s College London shows, hackers have mined 4.32% of the Monero in circulation.

Another finding is an increase in crypto-malware of over 4.000% over the last year, as reported by a McAfee study.

Alfredo de Candia
Android developer for over 8 years with a dozen developed apps, Alfredo at age 21 climbed Mount Fuji following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his apps we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. A Sunday miner, Alfredo has a passion for crypto and is a fan of EOS.