It became known that about $200 million was stolen from the Bitmart exchange through the Ethereum and Binance smart network. The use of exploits is becoming more frequent, and hackers are inventing new ways to plant malware on users' computers.
Users need to be attentive and careful. In addition, mining companies have created a low-risk way for hackers to earn money by taking advantage of network vulnerabilities.
Recently, security specialists at Sophos announced the return of Tor2Mine, a mining system that uses a Tor gateway to connect to hacked servers.
Stealing processing power
Cryptojacking is a form of cybercrime in which hackers mine on other people's devices without authorization. They use those devices as a source of energy while remaining invisible to users, and receive new tokens without spending their own money or energy.
Most of these attacks, including Tor2Mine, target Monero. This altcoin is the most advantageous for this method because it cannot be tracked.
Tor2Mine disables intrusion protection on the device using Microsoft PowerShell scripts. Next, under the guise of a miner payload, it delivers a malicious program that uses system resources and collects Windows credentials. Using those credentials, Tor2Mine spreads further and further, infecting more and more devices in the compromised network. Until it is completely removed, the systems will not be safe.
Sophos noted that particularly high Tor2Mine infection activity was detected at the beginning of 2021. When new ways of implementation appeared, this indicator decreased. It can be assumed that changes to the settings by the operator or by the same campaign participants help to improve the situation. Since June, the antivirus policy has applied two ways to combat Tor2Mine, without radically changing the action plan.
If Tor2Mine manages to stay online and no longer requires the help of software to counteract antivirus programs, then fighting it will require more serious measures than cleaning the system and fixing bugs. Tor2Mine will keep spreading and infecting new networks.
The only option is to install new software capable of detecting this virus. With the increasing number of cryptocurrency users, illegal mining has become a frequent way of taking possession of digital currency. According to Google's latest cybersecurity report, about 86% of compromised user accounts are used for illegal mining and for scanning and attacking potential victims.
Kaspersky's July report indicated that the theft of cryptocurrencies has decreased compared with the peak in 2017-2018, during the first wave of popularity of cryptocurrencies. But the total number of users affected by hacker miners reached 200,045 in March, up from 187,746 in January of this year.