New tools and tactics have been harnessed by threat actors to facilitate a more clandestine cryptojacking campaign with optimized Monero mining capabilities, Infosecurity Magazine reports.Attacks involved luring targets into downloading illicit installers for supposed office productivity software, which deploys the Explorer.exe controller in the user directory before launching the XMRig cryptocurrency mining malware and ensuring persistence, according to Trellix researchers. Analysis of the controller's code, which had references to an anime, revealed a hardcoded expiration date of Dec. 23, 2025, as well as its delivery of various software-spoofing watchdog processes.Monero mining has also been significantly improved through the exploitation of the WinRing0x64.sys driver impacted with CVE-2020-14979. Such a campaign was noted by researchers to highlight the persistent innovation of commodity malware."As long as legacy drivers with known vulnerabilities remain validly signed and loadable, attackers will continue to use them as keys to the kingdom, bypassing the sophisticated protections of Ring 3 to operate with impunity in the Kernel," researchers added.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




