Altcoin News: A New Miner Virus Has Been Discovered
August 15, 2019, by Marko Vidrih on ALTCOIN MAGAZINE
Cybersecurity company Varonis has announced the discovery of a new Norman miner virus, which hides its presence from the task list.
The report says that Norman was accidentally discovered during an audit of the company that was attacked. The main feature of the miner virus is that when you open the task manager in Windows, the program finishes the mining process so that the user does not realize that his computer has been infected. After the task manager closes, cryptocurrency mining starts again.
Note that Norman is mining the Monero cryptocurrency using the popular miner XMRig. The virus is written in the .NET programming language and has been obfuscated using Agile. For installation, the solution is used to create the Nullsoft Scriptable Install System installation packages, and the svchost system process is used to launch the virus itself. Interestingly, the virus also communicates with a remote server using PHP code.
After a deep analysis of the virus, the researchers concluded that Norman’s country of origin is France or any other French-speaking country since phrases in French were found in the code.
Recall that in mid-June, Trend Micro announced the discovery of an entire botnet of the hacker group Outlaw, which distributes the mining component Monero.
Author: Marko Vidrih
