Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
Content source
https://threatpost.com/rarog-trojan-easy-entry-for-new-cryptomining-crooks-report-warns/130995/
A malware family called Rarog is becoming an appealing and affordable tool for hackers to launch cryptocurrency mining attacks, researchers say. They say the Trojan is low priced, easily configurable and supports multiple cyrptocurrencies, making it an appealing option for hackers.
Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, said the malware comes equipped with a number of features that give attackers the ability to download mining software and configure it with any parameters they wish. The Trojan has been primarily used to mine the Monero cryptocurrency, but it has the capability to mine other cryptocurrencies as well, according to the report.

“The Rarog malware family represents a continued trend toward the use of cryptocurrency miners and their demand on the criminal underground,” said Unit 42’s post. “While not incredibly sophisticated, Rarog provides an easy entry for many criminals into running a cryptocurrency mining (operation). The malware has remained relatively unknown for the past nine months barring a few exceptions.”
...
...
Click to expand...
The Rarog Trojan employs a number of techniques, according to Unit 42. For example, “It allows the attackers to perform a number of actions, such as downloading and executing other malware, levying DDoS attacks against others, and updating the Trojan, to name a few. Throughout the malware’s execution, a number of HTTP requests are made to a remote C2 server,” according to Unit 42’s report.
The malware also provides mining statistics to users, configures various processor loads for the running miner, and enables attackers to infect USB devices, as well as load additional DLLs on a victim’s sytem.
Persistence is another key feature of Rarog, and the malware uses multiple mechanisms to maintain persistence on the victim’s systems, including the use of the Run registry key, scheduled tasks, and shortcut links in the startup folder, according to Unit 42.
.....
.....
.....
Click to expand...
 
  • Like
Reactions: Daviworld, Mariihh, silversurfer and 1 other person
You must log in or register to reply here.

Similar threads

Bot
    • Like
Security News New BunnyLoader Malware Variant Surfaces with Modular Attack Features
Replies
0
Views
834
Security News
Bot
Bot
silversurfer
    • +Reputation
    • Like
Malware News New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
Replies
0
Views
954
Security News
silversurfer
silversurfer
silversurfer
    • Like
    • Thanks
    • +Reputation
CryptoClippy Malware Targeting Portuguese Cryptocurrency Users
Replies
0
Views
1,057
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top