A hacker group called Rare Werewolf has been covertly mining cryptocurrency across Russia and neighboring countries by infecting computers with the XMRig miner. The campaign, active since at least 2019, relies on phishing attacks and stealthy shutdown methods to maximize mining efficiency and evade detection. #RareWerewolf #XMRig #Kaspersky
Key points
- The Rare Werewolf group primarily targets industrial enterprises and educational institutions in Russia, Belarus, and Kazakhstan.
- Attackers gain access through Russian-language phishing emails containing password-protected archives with malicious executables.
- The group uses legitimate software like XMRig for mining and employs stealth techniques such as scheduled shutdowns and timed startup scripts.
- They collect system information, including CPU cores and GPU data, to optimize mining configurations and maximize earnings.
- Past campaigns also involved stealing sensitive documents and passwords and hijacking Telegram accounts, employing methods similar to those of hacktivist groups.
Read More: https://therecord.media/russian-devices-hit-by-rare-werewolf-crypto-mining