Malware mining Monero discovered using hacking tools to infect Windows systems

Radmin and Mimikatz used to exploit flaw; targets firms in China, Taiwan, Italy, and Hong Kong


Security researchers have discovered Monero mining malware that uses hacking tools such as Radmin and Mimikatz to propagate through Windows systems.

According to a blog post by security researchers at Trend Micro, the malware scans for open port 445 and exploits the Windows SMB Server vulnerability MS17-010 (patched in 2017) for its infection and propagation routines. The malware was found to be targeting companies in China, Taiwan, Italy, and Hong Kong.
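The propagation behaviour described above, one host probing many internal addresses on TCP port 445, leaves a recognisable pattern in firewall or flow logs. The following is an added example, not code from the article or from Trend Micro: it parses a constructed log format (the `src=`, `dst=`, `dport=` fields, the one-minute window and the five-host threshold are all assumptions) and flags sources that reach many distinct hosts on port 445 in a short time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article): one connection
# attempt per line with timestamp, source, destination and destination port.
SAMPLE_LOG = """\
2019-02-04T09:00:01 src=10.0.5.17 dst=10.0.5.20 dport=445
2019-02-04T09:00:01 src=10.0.5.17 dst=10.0.5.21 dport=445
2019-02-04T09:00:02 src=10.0.5.17 dst=10.0.5.22 dport=445
2019-02-04T09:00:02 src=10.0.5.17 dst=10.0.5.23 dport=445
2019-02-04T09:00:03 src=10.0.5.17 dst=10.0.5.24 dport=445
2019-02-04T09:00:03 src=10.0.5.17 dst=10.0.5.25 dport=445
2019-02-04T09:00:10 src=10.0.5.40 dst=10.0.5.2 dport=445
2019-02-04T09:00:11 src=10.0.5.40 dst=10.0.5.2 dport=445
2019-02-04T09:05:00 src=10.0.5.41 dst=10.0.5.2 dport=443
2019-02-04T09:30:00 src=10.0.5.17 dst=10.0.5.26 dport=445
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))


def find_smb_scanners(text, threshold=5, window=timedelta(minutes=1)):
    """Return {src: max_distinct_hosts} for sources that contacted at least
    `threshold` distinct destinations on TCP/445 within any `window`.
    Repeated connections to the same host (a normal file-share client) do
    not count; only the spread across destinations does."""
    events = defaultdict(list)  # src -> [(timestamp, dst), ...]
    for ts, src, dst, dport in parse_log(text):
        if dport == 445:
            events[src].append((ts, dst))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        left = 0
        for right in range(len(evs)):  # sliding window over sorted events
            while evs[right][0] - evs[left][0] > window:
                left += 1
            distinct = {dst for _, dst in evs[left:right + 1]}
            if len(distinct) >= threshold:
                hits[src] = max(hits.get(src, 0), len(distinct))
    return hits
```

Tune the threshold and window to the network: a backup server or vulnerability scanner that legitimately touches many hosts on 445 should be allow-listed rather than alerted on.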

Researchers found a spike in activities between the last week of January and February this year, coinciding with regional holiday celebrations and events.

Mimikatz has been used with other hacking tools and coin-mining malware in previous campaigns to collect user accounts and system credentials, while hackers have used Radmin to gain admin rights and to deliver other malware into targeted systems.

"However, this combination of Radmin and Mimikatz becomes a concern for data exfiltration of enterprise assets and information because of the randomly named and seemingly-valid Windows functions that may go undetected," said researchers.

Researchers said that the malware itself does not download the coinminer: "Instead, the miner malware payload is remotely downloaded and dropped through the command sent via Radmin to the target machine. While using outdated software, the modular structure of this payload may give way to other modular malware being included as well." 

Researchers noted that the hackers behind this malware campaign have intermediate-level skills.

"The use and stitching of multiple free tools available online from Python-compiled malware, open-source modules, outdated exploit and freeware hacktools may indicate the cybercriminal is still sharpening their criminal skill set," the researchers said, adding that users should regularly download patches from legitimate vendors as soon as they are released.

"For enterprises, we recommend having a multilayered protection system to detect, prevent, and resolve malware infections and attacks such as cryptocurrency miner-malware to prevent them from disrupting regular business operations." 
