A cryptocurrency-mining Trojan dubbed Raróg (after a fire demon in Slavic mythology) continues to infect more and more machines via the internet, making them mine Monero and other cryptocurrencies for the benefit of cybercriminals.
According to data from Unit 42, the research group of the cybersecurity company Palo Alto Networks, about 2,500 active varieties of this malware are currently circulating on the web. The malware relies on 161 different command-and-control (C&C) servers, and more than 166,000 devices are infected with it worldwide. Most of the victim devices are located in the Philippines, Russia and Indonesia.
What sets Raróg apart from other malicious software of this type is its abundance of features, which include mining statistics, options for adjusting the processor load on infected machines, the ability to infect USB devices, and the ability to load additional dynamic-link libraries (DLLs) on victims’ devices. Apart from mining cryptocurrencies, Raróg is capable of updating itself, downloading and running other malware, and carrying out DDoS attacks.
“The Rarog malware family represents a continued trend toward the use of cryptocurrency miners and their demand on the criminal underground. While not incredibly sophisticated, Rarog provides an easy entry for many criminals into running a cryptocurrency mining botnet. The malware has remained relatively unknown for the past nine months barring a few exceptions. As the value of various cryptocurrencies continues to remain high, it is likely that we’ll continue to see additional malware families with mining functionality surface,” Unit 42 researchers wrote in their blog.
Affordability is yet another interesting feature of Raróg: it is available on Russian-speaking criminal underground websites for a mere $104 at the current exchange rate.
According to a report by Malwarebytes, Android-based cryptojacking has grown by 4000 percent since the end of last year.