Monero Hacker Group 'Outlaw' Is Back and Targeting American Business: Report

Outlaw, a group specializing in cryptojacking machines to mine monero, has returned after a brief hiatus and is expanding its global reach, according to Trend Micro.

AccessTimeIconFeb 11, 2020 at 7:28 p.m. UTC
Updated Sep 13, 2021 at 12:17 p.m. UTC

A group specializing in hijacking victims' computer power to mine for monero has returned with new tools to attack businesses based in the U.S. and Europe.

Japanese cybersecurity firm Trend Micro reported Monday the group, known as Outlaw, had begun infiltrating Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin monero (XMR), a process known as cryptojacking.

Trend Micro's report said Outlaw used a combination of pre-existing tools and new techniques to monitor for programs that could detect its malware.

The newly improved malware can also hunt down and kill existing mining bots – even the group's previous miners – found in infected systems, taking out the competition and improving mining profits. Past iterations had only been able to partially reduce the activity of rival mining bots.

Trend Micro said Outlaw's activity began increasing in December following several months of inactivity. "[W]e expect the group to be more active in the coming months as we observed changes on the versions we acquired," the report reads.

Although Outlaw had previously confined itself to computer systems in China, Trend Micro's report found it was now targeting businesses in Europe and the U.S. The cybersecurity firm found the group targeted several of its honeypots – mechanisms designed to lure hackers to attack it – situated across the Eastern European region.

The report did not disclose the names of any businesses, in the U.S. or elsewhere, that had been affected by Outlaw's malware.

The group might also try to steal information and sell it to the highest bidder, Trend Micro said. Companies in the financial and auto industries that have not recently updated their internet security systems are at high risk, the cybersecurity firm warned.

Outlaw first came to prominence in 2018 after it installed crypto-mining bots in the software of internet-of-things (IoT) devices. In 2019, Trend Micro detected the group attacking computer systems in China with a similar malware design that would hijack computer power to mine monero.

Malware that hijacks computer power to mine monero is not uncommon. In February 2018, more than half a million computers were infected with a botnet that mined nearly 9,000 XMR tokens (then worth approximately $3.6 million) over a nine-month period. Being a privacy coin, hackers can sell monero without risk of detection from authorities.

Very little is known about the Outlaw hacking group, not even what it call itself. Trend Micro coined the name "Outlaw" as a translation of the Romanian word haiduc, which is the name of one of the group's favorite hacking tools.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.