The trojan named after Raróg, a Slavic god of fire, continues to mine cryptocurrency. It is spreading on the Internet, getting inside PCs and using the machines of unsuspecting victims to mine Monero and other cryptocurrencies. Monero is a coin based on the CryptoNote protocol, which is designed to improve the anonymity of transactions.
42 Palo Alto Networks researchers gathered in a group to track Rarog. After several months of observation, they announced their verdict. Currently, there are 2500 unique samples of the malware on the web, connected to 160 command-and-control (C&C) servers.
The company's representatives found over 166 000 cases of PCs infected with Raróg worldwide, with the hottest spots in Russia, Indonesia, and the Philippines.
According to Palo Alto Networks scientists, Rarog should be considered not a virus but a crypto-mining bot. It was created specifically to mine Monero covertly on Windows.
The corporation states that the trojan was first noticed on Russian-speaking side forums. A person nicknamed arsenkooo135 was selling the program for 6 thousand rubles. The malicious software can regulate the load on the victim's CPU and monitor the results of mining. It goes unseen because it hides its activity from analysis tools and Windows Task Manager.
Notably, the trojan is equipped with a number of tools. Among them are mining statistics provided to its users, settings for varying the CPU load of a running miner, the opportunity to charge USB devices, and a feature to download dynamic link libraries (DLLs). In addition to mining coins, Raróg also uses a range of botnet methods, including the ability to download, upload and run other harmful programs, for example for distributed denial-of-service (DDoS). Moreover, the trojan can be updated to the latest version.
It is available today on a number of Russian criminal side websites and is sold for only $104 at current exchange rates.
A family of harmful Rarog programs represents a permanent tendency to the usage of cryptocurrency miners from the side of criminal elements. Despite the fact that Raróg is not something extremely complicated, it supplies an easy entrance to botnet-business on cryptocurrency mining for many law-breakers.
– researchers commented on their blog.