Varonis, the cybersecurity firm, has identified a new cryptojacking virus named “Norman” that mines the cryptocurrency Monero (XMR) and evades detection. According to the report, Varonis discovered Norman while scanning for cryptojacking viruses on systems used by a mid-sized firm.
Hackers and cyber thieves use cryptojacking software to exploit the computing power of unsuspecting users’ systems to mine cryptocurrencies such as the privacy-focused Monero.
Specifically, Norman is an XMRig-based crypto miner, which offers high performance for Monero mining. One of the salient features of Norman is that it ends the crypto mining process whenever a user opens Task Manager, and relaunches the miner after Task Manager is closed.
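The Task Manager behavior described above gives defenders a pattern to correlate in process start/stop telemetry. The following is an added example, not code from Varonis or the original article: it flags process images that repeatedly stop just after taskmgr.exe starts and come back just after it exits. The event format, the process name worker.exe, the time window and the threshold are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=5)   # assumed correlation window
MIN_CYCLES = 2                  # assumed threshold to drop coincidental matches

# Constructed process events (time, action, image); not real telemetry.
SAMPLE_EVENTS = """\
10:00:00 start worker.exe
10:05:10 start taskmgr.exe
10:05:11 stop worker.exe
10:05:12 stop notepad.exe
10:07:30 stop taskmgr.exe
10:07:32 start worker.exe
10:20:00 start taskmgr.exe
10:20:01 stop worker.exe
10:21:00 stop taskmgr.exe
10:21:03 start worker.exe
10:30:00 start notepad.exe
"""

def parse(text):
    """Turn 'HH:MM:SS action image' lines into time-ordered tuples."""
    events = []
    for line in text.splitlines():
        ts, action, image = line.split()
        events.append((datetime.strptime(ts, "%H:%M:%S"), action, image.lower()))
    return sorted(events)

def hide_and_relaunch(events, window=WINDOW, min_cycles=MIN_CYCLES):
    """Return {image: cycles} for images that stop right after Task Manager
    opens and start again right after it closes, at least min_cycles times."""
    cycles = Counter()
    hidden = set()               # images that stopped during the current session
    tm_open = tm_close = None
    for ts, action, image in events:
        if image == "taskmgr.exe":
            if action == "start":
                tm_open, tm_close, hidden = ts, None, set()
            else:
                tm_open, tm_close = None, ts
        elif action == "stop":
            if tm_open is not None and ts - tm_open <= window:
                hidden.add(image)
        elif tm_close is not None and ts - tm_close <= window and image in hidden:
            hidden.discard(image)
            cycles[image] += 1
    return {img: n for img, n in cycles.items() if n >= min_cycles}
```

In the constructed sample, notepad.exe exits once while Task Manager is open but never relaunches on close, so only worker.exe is reported.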
Varonis researchers concluded that Norman is coded in PHP and concealed by Zend Guard. On the basis of French functions and variables in the code, the researchers ascertained that Norman was created in a country where French is a primary language.
Furthermore, the self-extracting archive (SFX) file has comments in French. This signals that Norman’s creator utilized a French version of WinRAR to develop the SFX file.
Notably, last week, another cybersecurity firm, Carbon Black, identified XMR mining malware. The firm identified a kind of malware named Smominru, which steals user information in addition to mining cryptocurrency.
The firm believes that the stolen information may be offered for sale by hackers on the dark web. Carbon Black, in its report, said:
“This discovery indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate and protect themselves from threats.”