Varonis – a US-based cybersecurity firm – has come across a new type of crypto-jacking virus, named “Norman”, which specifically targets the Monero (XMR) coin.
According to a Varonis report on August 14, Norman was caught on the cybersecurity firm’s radar following an attack by a horde of cryptojacking viruses on a mid-scale firm.
Hackers and cybercriminals have taken advantage of the unsuspecting nature of computer users, releasing crypto viruses that hijack the victims’ computing power for illicit crypto mining.
In particular, Norman is an XMRig-based crypto mining virus – believed to be specifically designed to mine the Monero coin with high efficiency. One of Norman’s special features is its ability to shut down the crypto mining process whenever Task Manager is opened, in an attempt to avoid detection. After Task Manager is closed, the virus resumes mining.
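The pause-and-resume behaviour described above leaves a pattern in process logs that defenders can look for: a process that repeatedly exits just after Task Manager starts and comes back just after it closes. The following is an added example, not code from Varonis or from this article; the event tuples and the name `updater.exe` are constructed stand-ins, and the 5-second window and two-hit threshold are assumed values.

```python
from collections import Counter

# Constructed process events (seconds, action, image); not from the Varonis report.
# "updater.exe" is a hypothetical name standing in for a hidden miner.
EVENTS = [
    (100, "start", "updater.exe"),
    (200, "start", "taskmgr.exe"),
    (201, "stop",  "updater.exe"),
    (260, "stop",  "taskmgr.exe"),
    (262, "start", "updater.exe"),
    (300, "start", "notepad.exe"),
    (500, "start", "taskmgr.exe"),
    (502, "stop",  "updater.exe"),
    (503, "stop",  "notepad.exe"),   # coincidental exit, never restarts
    (540, "stop",  "taskmgr.exe"),
    (541, "start", "updater.exe"),
]

def taskmgr_sessions(events, monitor="taskmgr.exe"):
    """Pair each Task Manager start with the stop that follows it."""
    sessions, opened = [], None
    for ts, action, image in sorted(events):
        if image.lower() != monitor:
            continue
        if action == "start":
            opened = ts
        elif action == "stop" and opened is not None:
            sessions.append((opened, ts))
            opened = None
    return sessions

def find_taskmgr_evaders(events, window=5, min_hits=2):
    """Images that exit right after Task Manager opens and restart right after it closes."""
    hits = Counter()
    for opened, closed in taskmgr_sessions(events):
        stopped = {img for ts, act, img in events
                   if act == "stop" and opened <= ts <= opened + window}
        resumed = {img for ts, act, img in events
                   if act == "start" and closed <= ts <= closed + window}
        # Count only processes that did both in the same session.
        for image in (stopped & resumed) - {"taskmgr.exe"}:
            hits[image] += 1
    return sorted(img for img, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    print(find_taskmgr_evaders(EVENTS))
```

Requiring the stop-and-restart pair in more than one Task Manager session filters out processes such as `notepad.exe` in the sample, which merely happened to exit while Task Manager was open.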
The Varonis researchers revealed that the hackers used the PHP programming language to develop the virus, which was later obfuscated with Zend Guard. Further studies revealed that Norman originated from a French-speaking nation, as can be learned from the French in the virus’s code.
Moreover, the self-extracting archive (SFX) file of the virus also contains text written in French, which led researchers to believe a French version of WinRAR was used to create the SFX file.