A group specializing in hijacking victims' computer power to mine for monero has returned with new tools to attack businesses based in the U.S. and Europe.
Japanese cybersecurity firm Trend Micro reported Monday the group, known as Outlaw, had begun infiltrating Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin monero (XMR), a process known as cryptojacking.
Trend Micro's report said Outlaw used a combination of pre-existing tools and new techniques to monitor for programs that could detect its malware.
The newly improved malware can also hunt down and kill existing mining bots – even the group's previous miners – found in infected systems, taking out the competition and improving mining profits. Past iterations had only been able to partially reduce the activity of rival mining bots.
Trend Micro said Outlaw's activity began increasing in December following several months of inactivity. "[W]e expect the group to be more active in the coming months as we observed changes on the versions we acquired," the report reads.
Although Outlaw had previously confined itself to computer systems in China, Trend Micro's report found it was now targeting businesses in Europe and the U.S. The cybersecurity firm found the group targeted several of its honeypots – mechanisms designed to lure hackers to attack it – situated across the Eastern European region.
The report did not disclose the names of any businesses, in the U.S. or elsewhere, that had been affected by Outlaw's malware.
The group might also try to steal information and sell it to the highest bidder, Trend Micro said. Companies in the financial and auto industries that have not recently updated their internet security systems are at high risk, the cybersecurity firm warned.
Malware that hijacks computer power to mine monero is not uncommon. In February 2018, more than half a million computers were infected with a botnet that mined nearly 9,000 XMR tokens (then worth approximately $3.6 million) over a nine-month period. Being a privacy coin, hackers can sell monero without risk of detection from authorities.
Very little is known about the Outlaw hacking group, not even what it call itself. Trend Micro coined the name "Outlaw" as a translation of the Romanian word haiduc, which is the name of one of the group's favorite hacking tools.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.