Criminals Use These New Techniques to Mine Monero (XMR) on Your Computer
The Stantinko botnet has weaponized unique techniques for stealthily mining Monero on about half a million computers under its control, according to Slovak internet security company ESET.
Alex DovbnyaNew obfuscating techniques
In its new post, ESET has outlined five new ways cryptojackers manage to obfuscate illicit cryptocurrency mining. The most elaborate one is generating the strings that are used by the malware in the computer’s memory. Meanwhile, the strings embedded in the module might not serve any purpose apart from deceiving the victim's antivirus software.
“Since all the strings to be used in a particular function are always assembled sequentially at the beginning of the function, one can emulate the entry points of the functions and extract the sequences of printable characters that arise to reveal the strings,” ESET researcher Vladislav Hrčka explains.
In order to avoid detection, bad actors also rely on such techniques as the addition of dead code and dead resources.
A new monetization strategy
The botnet, which started operating as early as in 2012, mainly targets users from Russia and Ukraine. Last year, the criminal behind it added a module Monero (XMR), the anonymous cryptocurrency, to generate more easy money. Prior to that, it would rely on advertising fraud and credential theft for monetizing.
Monero has been the darling of cryptojackers for years. As reported by U.Today, illegally mined coins account for more than four percent of the cryptocurrency’s total circulating supply.
Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Related articles
Dan Burgin
Vladislav Sopov