A Monero Malware Has Been Upgraded and Can Now Steal Passwords

Hackers have updated “Black-T,” a long-running Monero malware, to steal user credentials and take over any other illicit miners on a victim computer, according to a report by cybersecurity firm Unit 42. Such malware behavior was previously unseen.

Crypto malware typically infects computers and use the illicitly gained computing power to mine proof-of-work cryptocurrencies, such as Bitcoin but typically Monero, on behalf of the hackers. Such attacks—known as cryptojacking—are fairly common and are deployed across individual computing networks and whole enterprises.

But like everything in the computing world, there’s an update. Black-T can now find sensitive user information hosted on a victim computer and send it over to the hackers who may then use the illegally gained information for further attacks. These include, but are not limited to, passwords, online credentials, and bank account details.

This Malware Attacks Crypto Holders in Three Different Ways

Security researchers have unearthed a new strain of malware dubbed KryptoCibule—and it specifically targets cryptocurrency enthusiasts. According to a report from Cyber-security firm ESET, KryptoCibule represents a triple threat for crypto holders. First, the malicious software installs a miner for a process known as cryptojacking, a method that harnesses the victim's computing power to mine cryptocurrencies on the hacker's behalf. It then steals any files related to cryptocurrency wallets, wipi...

Black-T uses a hacking tool called “Mimikatz” to scrape plaintext passwords from Windows OS systems, said the report. The tool also allows attackers to hijack user sessions, such as interrupting computer usage when a user is active. 

Seek and destroy...and install again

The credential theft update is not all. “Of these new techniques and tactics, most notable are the targeting and stopping of previously unknown cryptojacking worms,” said Unit 42 researcher Nathaniel Quist.

This means that if Black-T finds any computer already hosting a mining malware, it automatically attacks those files, disables the miners, and then in an almost non-benevolent fashion, installs its own cryptojacking program. 

Cryptojacking still huge, but in decline, says new report

Cryptojacking, the malware that hijacks your computer’s processing power to mine cryptocurrency in your browser, is still the most popular way for hackers to make people miserable online, according to new reports by cyber security company Check Point. Check Point say the phenomenon, though still popular, is also rapidly in decline. In the first half of last year, 42% of organizations worldwide had been infected by crypto-miners at some point. For the same period this year, just 26%.  “[Cryptojac...

Such a step allows a computer’s processing power to be fully used by Black-T (ensuring maximum gains for the hacker).

Another update on the cards

Quist said that the team behind Black-T may not be stopping with newer updates any time soon. “Unit 42 believes TeamTnT actors are planning on building more sophisticated cryptojacking features into their toolsets – specifically for identifying vulnerable systems within various cloud environments,” Quist noted.

XMR

+3.18%$226.74

---

24H7D1M1YMAX

Price data by

XMR price

Meanwhile, Unit 42 said protection against such attacks is relatively easy: Users must ensure no files with highly sensitive information are exposed to the internet and that threat software is fully updated and from a reputed brand.