FortiGuard Labs recently discovered that cybercriminals behind VenusLocker ransomware attacks from last year have switched their tactics to now target the cryptocurrency market.
According to the report, they’re using phishing attacks to infect victims’ systems with malware used to mine Monero, an open-source cryptocurrency trading at close to $400 USD.
Some analysts attribute the shift to the rapid rise in cryptocurrency values and the profit potential of mining malware campaigns.
The phishing attachments are compressed in the EGG archive format, a proprietary format developed by the South Korean software company ESTsoft, which suggests the intended targets are in South Korea.
Some AV vendors have also had trouble extracting the archive, which they need to do in order to scan the malware it contains.
Trend Micro further observed that the malware attempts to conceal its resource usage and avoid detection by executing the miner as a remote thread inside wuapp.exe, a legitimate Windows component.