According to a new report published a few days ago by cybersecurity firm Sophos, which boasts more than 500,000 corporate clients, a dangerous new variant of the crypto-miner Tor2Mine has allegedly been discovered infecting corporate networks to mine Monero (XMR), the popular privacy-focused cryptocurrency.
“All of the miners we’ve seen recently are Monero miners”, said Sophos research author Sean Gallagher. According to what Sophos has disclosed, the new malware is a variant of the miner that exploits the Tor gateway to communicate with infected servers.
According to Gallagher, the malware exploits security holes in a network, perhaps ones discovered by advanced antivirus security systems. Once installed on a server or computer, the malware spreads across the network.
Crypto-jacking and Monero
This type of cyberattack is called crypto-jacking: a computer crime in which hackers exploit other people’s devices to mine cryptocurrencies. The malware shifts the mining work onto the victims’ devices, while the mined tokens are diverted to the hackers’ accounts.
Most of this criminal activity, including Tor2Mine, apparently makes use of Monero because of its untraceable nature. Crypto-mining attacks on Monero have been widespread for some time.
In 2018 The Pirate Bay, a website where users can download films, music, software and games, reported crypto-jacking on the network to mine crypto, and in 2020 a botnet called Vollgar was discovered attacking Microsoft SQL servers for the same purpose.
Last June, malware called Crackonosh was found to have infected 222,000 computers through downloads of illegal and torrent versions of popular video games. This activity allegedly made the hackers more than 2 million Monero in profit.
In 2019, French police uncovered a cyberattack designed to mine Monero, which had infected over 850,000 computers. Working with the FBI, the Paris police managed to foil the gigantic attack, which originated in Paris but was mainly centred in Central and South America.
“Tor2Mine is much more difficult to root out once it’s established a foothold on a network without the assistance of endpoint protection software and other anti-malware measures… it can’t be eliminated just by patching and cleaning one system. The miner will continually attempt to re-infect other systems on the network”, concludes the Sophos report.
The news caused Monero’s price to slide more than 30% from $210 last Friday to $170 today.