According to a new study by cybersecurity and intelligence firm Guardicore Labs, Monero mining malware named XMRig has been sent to tens of millions of IP addresses. The malware has mainly attacked healthcare centers, the education sector, government agencies, banks, telecommunication firms, and many others.
The malware’s success rate has been high so far: the study by Guardicore shows that the Monero mining malware has infected more than 500 SSH servers, including servers owned by a railway firm and by major educational institutions across Europe and the United States.
Furthermore, the report claims that a botnet named FritzFrog triggers the XMRig Monero mining malware. The botnet uses a kind of brute-force attack against millions of servers across the world to gain access. Once FritzFrog penetrates a server, it triggers a separate process called “libexec,” which launches the Monero mining malware, XMRig.
Highly effective Monero mining malware
Although cryptojacking incidents are nothing new, the cybersecurity firm reports that FritzFrog is a special type of malware. First of all, the botnet’s network is hidden in a peer-to-peer (P2P) system, making it very hard to trace. Guardicore also discovered that the botnet’s P2P implementation was coded from the ground up, signaling that it was developed by “highly professional software developers.”
The botnet’s protocol is written in Golang. The malware is extremely volatile and does not leave any traces on disk. Furthermore, it creates an SSH public key that operates as a backdoor, permitting access to the compromised computer systems.
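Since the botnet described above leaves a backdoor SSH public key behind, one defensive check is to compare every authorized key on a server against an allowlist of approved fingerprints. The Python below is an added example, not code from Guardicore or from this article; it assumes the key is placed in an OpenSSH `authorized_keys` file, and the allowlist, sample keys and function names are constructed for illustration.

```python
import base64, hashlib, re, struct

KEY_TYPE = r"(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[\w-]+|sk-[\w@.-]+)"
ENTRY = re.compile(KEY_TYPE + r"\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')  # option values, e.g. command="..."

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (key_type, blob, comment), or None for blanks, comments, junk."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = ENTRY.search(QUOTED.sub('""', line))  # ignore text inside quotes
    if not m:
        return None
    try:
        blob = base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return None
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + n] != m.group(1).encode():
        return None  # declared type differs from the type inside the blob
    return m.group(1), blob, (m.group(3) or "").strip()

def audit(text, approved):
    """Return (line_no, fingerprint, comment) for keys not on the allowlist."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        entry = parse_line(line)
        if entry and fingerprint(entry[1]) not in approved:
            findings.append((no, fingerprint(entry[1]), entry[2]))
    return findings

def make_key(seed):  # constructed ed25519-shaped blob for the demo, not a usable key
    body = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return base64.b64encode(blob).decode()

ADMIN, EXTRA = make_key(b"admin"), make_key(b"unexpected")
SAMPLE = (f"# constructed authorized_keys content\nssh-ed25519 {ADMIN} admin@example\n"
          f'command="echo ssh-rsa AAAA x" ssh-ed25519 {EXTRA} unknown\n')
APPROVED = {fingerprint(base64.b64decode(ADMIN))}  # assumed allowlist

for no, fp, comment in audit(SAMPLE, APPROVED):
    print(f"line {no}: unapproved key {fp} ({comment})")
```

On a real host, pass each account's `authorized_keys` content to `audit` and build the allowlist from fingerprints printed by `ssh-keygen -lf` for keys you issued.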
Cryptojacking malware targeting learning institutions
Earlier this year, a different cryptojacking malware targeted supercomputers owned by significant educational institutions. FritzFrog also seems to be targeting large supercomputers similar to those reported earlier. The cryptojacking malware at the time forced most of the supercomputers used for COVID-19 research to be shut down, obstructing that research’s progress.