Monero: new virus that mines XMR

By Vincenzo Cacioppoli - 6 Dec 2021


According to a new report published a few days ago by cybersecurity firm Sophos, which boasts more than 500,000 corporate clients, a dangerous new variant of the crypto-miner Tor2Mine has allegedly been discovered, which is infecting corporate networks to mine Monero (XMR), the popular privacy-focused cryptocurrency.

“All of the miners we’ve seen recently are Monero miners”, said Sophos research author Sean Gallagher. According to what Sophos has disclosed, the new malware is a variant of the miner that exploits the Tor gateway to communicate with infected servers.

According to Gallagher, the malware would exploit security holes in a network, perhaps discovered by advanced antivirus security systems. Once installed on a server or computer, the malware spreads across the network.


Crypto-jacking and Monero

This type of cyberattack is called crypto-jacking: a computer crime in which hackers exploit other people's devices to mine cryptocurrencies. The malware shifts the mining work onto the victims' devices, while the mined tokens are diverted to the hackers' accounts.

Most of this criminal activity, including Tor2Mine, apparently makes use of Monero because of its untraceable nature. Crypto-mining attacks on Monero have been widespread for some time. 

In 2018 The Pirate Bay, a website where users can download films, music, software and games, reported crypto-jacking on the network to mine crypto, and in 2020 a botnet called Vollgar was discovered attacking Microsoft SQL servers for the same purpose.

Last June, a piece of malware called Crackonosh was found to have infected 222,000 computers through downloads of illegal and torrented versions of popular video games. This activity allegedly made the hackers more than 2 million Monero in profit.

In 2019, French police uncovered a cyberattack designed to mine Monero, which had infected over 850,000 computers. Working with the FBI, the Paris police had managed to foil the gigantic attack, which originated in Paris, but was mainly centred in Central and South America.

“Tor2Mine is much more difficult to root out once it’s established a foothold on a network without the assistance of endpoint protection software and other anti-malware measures… it can’t be eliminated just by patching and cleaning one system. The miner will continually attempt to re-infect other systems on the network”, concludes the Sophos report.

The news caused Monero’s price to slide more than 30% from $210 last Friday to $170 today.
