Monero again exploited in cryptocurrency mining operation

Anthony Caruana 30 January 2018 NEWS


Potentially 15 million victims of a new XMRig attack.

Security researchers have found a large-scale cryptocurrency mining operation has been active for several months. Using the open source XMRig tool, about 15 million victims have been exploited over the last four months, according to Palo Alto Networks.

However, it's possible that twice as many people have fallen victim to the malware that uses VBS (Visual Basic Scripting) files and various online URL shortening services to install and run the XMRig payload.

Palo Alto said it found the malicious files were stored on 4sync's cloud storage and distributed by obfuscating filenames by using URL shortening services. Users were then duped into opening the files which, in turn, installed the malicious payloads. The malware used the Nicehash marketplace to sell the stolen processor power, harvested by the malware, to generate Monero cryptocurrency.

Although this particular scam wasn't detected in Australia – most of the victims were in South America and Asia – we can expect these types of scams to reach our shores.

This isn't the first time Monero has been used by threat actors and criminals. In another recent cryptojacking operation, Malware used YouTube adds to mine cryptocurrency using the computing resources of its victims.

In that case, Trend Micro said the bad guys used CoinHive – a supplier of cryptojacking software who skims 30% of the profit generated when their software is used.

With the days of the script-kiddy behind us, online crime has moved from malice and damage to commerce and greed. If you want to know where the bad guys are working, you simply need to follow the money. And with Monero one of the more highly rated cryptocurrencies on the market, it's unsurprising that criminals are targeting it as a way of generating funds.

If your computer starts running slowly, use a system utility like Activity Monitor on a Mac or Task Manager with Windows to check if your processor is getting thrashed when it should otherwise be idle. That may be a sign you've been cryptojacked.

Latest cryptocurrency news

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Ask a question
Go to site