Researchers Discover Malware Dropper that Secretly Mines Crypto

The cybersecurity threat landscape has evolved over the years, with new strategies and tools designed to bring individuals and institutions down. Earlier this week, cybersecurity firm Trend Micro published a report revealing how hackers have been using malware droppers against their victims, as cases of their use have started to increase. As the report notes, hackers use these droppers to conceal malicious code and disseminate it to victim computers, intending to use their combined computing power to mine cryptocurrencies.

Hiding in Plain Sight

As the company explained, the beauty of this malware is that the code concealed in the dropper isn't malicious in itself. Instead, the hackers need to ensure that it has been placed correctly, then initiate it with a series of commands. The code uses a technique known as process "hollowing" to stay concealed and dormant on the victim's computer, and the hackers can initiate it whenever they please.

The report added, “As the dropped file is only made of skeletal code with no behavior on its own, the file can stay undetected in the system and possibly evade even manual detection when dormant. The attackers can choose to activate the malware at specific times.”

The malware droppers have been predominantly used across Asian and South American countries, with Trend Micro noting prominent use in countries such as Brazil, India, Bangladesh, and Kuwait. Criminals favor droppers to mine Monero, a privacy-focused asset that can then be moved and laundered without any detection. 

Malware Use is Changing 

The use of cryptocurrency malware has exploded this year once more, as attackers have noted the increase in crypto prices and have been more than willing to devise means to profit off the computing power of others. 

However, what has been particularly impressive is the way that malware has evolved this year to avoid possible detection. Earlier this year, researchers from IT security firm Varonis released a report detailing how they came across Norman, a cryptojacking tool that can seamlessly adapt to its environment.

As the report showed, Norman works in the same way as every cryptojacking tool: it gets installed through any of several means and uses the computer's processing power to mine cryptocurrency. However, its standout feature is its ability to shut itself down as soon as it detects that Task Manager has been opened on the victim computer. Once Task Manager is closed, Norman wakes up again and is hard at work making some hacker rich.
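The behaviour described above (a miner that stops whenever Task Manager opens and resumes when it closes) is itself a detectable pattern. The following is an added example written for this article, not code from Trend Micro, Varonis, or the reports they published. It takes a constructed list of process start/stop events, as a defender might collect them from process-creation and termination telemetry, and flags any image that repeatedly stops within a short grace period of `taskmgr.exe` starting and restarts shortly after it exits. The image names (`updater.exe`, `notepad.exe`) and the timings are hypothetical sample data; the grace period and cycle threshold are tunable assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    ts: float   # seconds since boot
    kind: str   # "start" or "stop"
    name: str   # image name, lower-case


# Constructed sample telemetry (hypothetical process names and timestamps).
# "updater.exe" stops right after Task Manager opens and restarts right after it
# closes, twice in a row. "notepad.exe" happens to be closed while Task Manager
# is open but never comes back, so it should not be flagged.
SAMPLE_EVENTS = [
    ProcEvent(10.0, "start", "svchost.exe"),
    ProcEvent(12.0, "start", "updater.exe"),
    ProcEvent(100.0, "start", "taskmgr.exe"),
    ProcEvent(100.4, "stop", "updater.exe"),
    ProcEvent(130.0, "stop", "taskmgr.exe"),
    ProcEvent(131.1, "start", "updater.exe"),
    ProcEvent(300.0, "start", "taskmgr.exe"),
    ProcEvent(300.3, "stop", "updater.exe"),
    ProcEvent(300.9, "stop", "notepad.exe"),
    ProcEvent(340.0, "stop", "taskmgr.exe"),
    ProcEvent(341.5, "start", "updater.exe"),
]


def monitor_windows(events, monitor="taskmgr.exe"):
    """Return (open_ts, close_ts) intervals during which the monitor process ran.

    A monitor that is still running at the end of the log yields an open-ended
    interval (close_ts = inf)."""
    windows = []
    open_ts = None
    for e in sorted(events, key=lambda e: e.ts):
        if e.name != monitor:
            continue
        if e.kind == "start" and open_ts is None:
            open_ts = e.ts
        elif e.kind == "stop" and open_ts is not None:
            windows.append((open_ts, e.ts))
            open_ts = None
    if open_ts is not None:
        windows.append((open_ts, float("inf")))
    return windows


def find_monitor_evasive(events, monitor="taskmgr.exe", grace=2.0, min_cycles=2):
    """Map image name -> number of stop/restart cycles tied to the monitor.

    A cycle is counted when a process stops within `grace` seconds of the
    monitor starting AND starts again within `grace` seconds of the monitor
    stopping. Only images with at least `min_cycles` cycles are returned, which
    keeps one-off coincidences (a user closing a window) out of the result."""
    windows = monitor_windows(events, monitor)
    by_name = defaultdict(list)
    for e in events:
        if e.name != monitor:
            by_name[e.name].append(e)

    cycles = defaultdict(int)
    for name, evs in by_name.items():
        evs.sort(key=lambda e: e.ts)
        for open_ts, close_ts in windows:
            stopped = any(
                ev.kind == "stop" and open_ts <= ev.ts <= open_ts + grace
                for ev in evs
            )
            restarted = any(
                ev.kind == "start" and close_ts <= ev.ts <= close_ts + grace
                for ev in evs
            )
            if stopped and restarted:
                cycles[name] += 1
    return {name: n for name, n in cycles.items() if n >= min_cycles}


if __name__ == "__main__":
    for name, n in find_monitor_evasive(SAMPLE_EVENTS).items():
        print(f"{name}: stopped/restarted around taskmgr.exe {n} times")
```

The heuristic is deliberately narrow: a process that only disappears when Task Manager opens (without coming back) could be anything, but one that repeatedly pauses and resumes in lockstep with the monitor is behaving the way the article describes. In practice the same check can be run against any monitoring tool's image name, and against CPU-usage samples instead of start/stop events, since a miner may suspend its worker threads rather than exit.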

Just like the malware dropper, Norman mines Monero as well. As Varonis noted, the tool is based on XMRig, a high-performance mining program for Monero. It was also found to be written in PHP, a popular programming language, while Zend Guard (a PHP encoding product) helps to keep it hidden from the victim computer's Task Manager.

Varonis pointed out that the tool's underlying code contains many French variable names, leading them to believe that French hackers might be responsible.


      Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system.