On August 14, it was reported that cybersecurity researchers had found a new form of malware that not only mines Monero cryptocurrency without the consent of users but also evades common means of detection while doing so. The researchers are calling the malware "Norman." They further said that the malware was just one of a number of cryptojacking viruses that they had found infecting a company.
Cryptojacking is far from a new phenomenon. For many years, criminals and hackers have used such malware to hijack computer resources in order to secretly mine cryptocurrencies. They have especially used the malware to mine Monero, which, unlike most cryptocurrencies, requires CPU power to mine as opposed to GPU power.
The researchers say that Norman derives from XMRig, which they describe as a high-performance Monero miner. What differentiates Norman from XMRig and from other forms of malware is that, if a user opens the Task Manager, the malware automatically shuts down until the user closes the Task Manager, thereby avoiding a common means of malware detection.
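The same behavior can serve as a detection signal: a process that is busy, goes quiet exactly while Task Manager is open, and resumes once it closes. The sketch below is an added example, not code from the researchers; the process names, thresholds and telemetry are constructed, and it assumes a monitoring agent that samples CPU usage without launching Task Manager.

```python
from itertools import groupby

# Constructed telemetry: (seconds, task_manager_running, {process: cpu_percent}).
# Process names are hypothetical placeholders, not indicators from the report.
SAMPLES = [
    (0,  False, {"worker.exe": 92.0, "browser.exe": 60.0, "backup.exe": 70.0}),
    (5,  False, {"worker.exe": 95.0, "browser.exe": 55.0, "backup.exe": 72.0}),
    (10, True,  {"browser.exe": 58.0, "backup.exe": 3.0}),  # worker.exe exited
    (15, True,  {"worker.exe": 0.5, "browser.exe": 61.0, "backup.exe": 2.0}),
    (20, False, {"worker.exe": 90.0, "browser.exe": 57.0, "backup.exe": 1.0}),
    (25, False, {"worker.exe": 94.0, "browser.exe": 59.0, "backup.exe": 2.0}),
]

def phases(samples):
    """Group consecutive samples by Task Manager state."""
    return [(state, [s[2] for s in grp])
            for state, grp in groupby(samples, key=lambda s: s[1])]

def peak(cpu_dicts, name):
    # A process missing from a sample (it exited) counts as 0% CPU.
    return max(d.get(name, 0.0) for d in cpu_dicts)

def monitor_evasive(samples, busy=50.0, idle=5.0, min_cycles=1):
    """Return {process: cycles} for processes that are busy before Task
    Manager opens, idle for the whole time it is open, and busy again after."""
    ph = phases(samples)
    names = {n for _, _, cpu in samples for n in cpu}
    flagged = {}
    for name in sorted(names):
        cycles = 0
        # Phases alternate, so the neighbours of an "open" phase are "closed".
        for i in range(1, len(ph) - 1):
            (_, before), (is_open, during), (_, after) = ph[i - 1], ph[i], ph[i + 1]
            if (is_open and peak(before, name) >= busy
                    and peak(during, name) <= idle
                    and peak(after, name) >= busy):
                cycles += 1
        if cycles >= min_cycles:
            flagged[name] = cycles
    return flagged

if __name__ == "__main__":
    print(monitor_evasive(SAMPLES))
```

A single pause-and-resume cycle can be coincidence, so raising `min_cycles` reduces false positives; `backup.exe` here is a job that simply finished and is not flagged.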
While the researchers have yet to determine who exactly is behind Norman, they have been able to determine that the perpetrators are likely from a French-speaking country, due to the prevalence of French variables in the code and the use of French-language comments in the self-extracting archive. They also know that the malware was written in PHP and that the code has been obfuscated.
In other cryptocurrency-related cybersecurity news, another company has recently discovered a dangerous new strain of malware that mines Monero. However, this new malware, which is called Smominru, does more than just mine cryptocurrency. The researchers say that it also steals user data, and they believe that the people behind the malware are further selling this data on the so-called "dark web," which is a part of the Internet where computer IP addresses cannot be traced.
The researchers went on to say that this new breed of malware will require cybersecurity companies to change how they classify and investigate security threats as well as how they protect themselves against them.