Cybersecurity company Varonis has discovered ‘Norman’, a new cryptojacking virus that aims to mine the cryptocurrency Monero (XMR) and evade detection.
Varonis published a report about Norman on 14 August 2019, which shows the malware as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company. Hackers and cybercriminals deploy cryptojacking hardware to use the computing power of unsuspecting users’ machines to mine cryptocurrencies like the privacy oriented coin Monero.
Norman in particular is a crypto miner based on XMRig – a high-performance miner for Monero cryptocurrency. One feature that Norman has is that it will close the crypto mining process in response to a user opening up Task Manager, and after Task Manager closes, Norman uses a process to relaunch the miner. Moreover, the researchers conjectured that Norman comes from a French-speaking country, due to the presence of French variables and functions within the virus’ code.
Similarly, another cybersecurity company, Carbon Black, uncovered an unsettling update to a strain of XMR mining malware. The company discovered that a type of malware called Smominru is stealing user data alongside its mining operations. Carbon Black believes that the stolen data may be sold by hackers on the dark web.