Malware mining Monero discovered using hacking tools to infect Windows systems
February 22, 2019 / Rene Millman
Security researchers have discovered Monero mining malware that uses hacking tools such as Radmin and Mimikatz to propagate through Windows systems. According to a blog post by security researchers at Trend Micro, the malware scans for open port 445 and exploits the Windows SMB Server vulnerability MS17-010 (patched in 2017) for its infection and propagation routines. The malware was found to be targeting companies in China, Taiwan, Italy, and Hong Kong. Researchers found a spike in activity between the last week of January and February this year, coinciding with regional holiday celebrations and events. Mimikatz has been used with other hack tools and coin-mining malware in previous campaigns to collect user accounts and system credentials, while hackers have used Radmin to gain admin rights and deliver other malware into targeted systems.
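A defender-side illustration of the port 445 scanning described above, added here and not taken from the article or from Trend Micro's post: it flags internal hosts that contact many distinct destinations on TCP/445 within a short window. The log format, addresses, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flow lines; the format is an assumption, not from the article.
SAMPLE_LOG = """\
2019-01-28T10:00:01 src=10.0.0.5 dst=10.0.0.10 dport=445 proto=tcp
2019-01-28T10:00:02 src=10.0.0.5 dst=10.0.0.11 dport=445 proto=tcp
2019-01-28T10:00:03 src=10.0.0.7 dst=10.0.0.2 dport=445 proto=tcp
2019-01-28T10:00:04 src=10.0.0.5 dst=10.0.0.12 dport=445 proto=tcp
2019-01-28T10:00:05 src=10.0.0.8 dst=10.0.0.3 dport=443 proto=tcp
2019-01-28T10:00:06 src=10.0.0.5 dst=10.0.0.13 dport=445 proto=tcp
garbled line
2019-01-28T10:00:08 src=10.0.0.5 dst=10.0.0.14 dport=445 proto=tcp
2019-01-28T10:00:09 src=10.0.0.5 dst=10.0.0.15 dport=445 proto=tcp
2019-01-28T10:05:00 src=10.0.0.7 dst=10.0.0.2 dport=445 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def smb_fanout(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {src: peak count of distinct TCP/445 destinations seen inside any
    `window`} for sources whose peak reaches `threshold`.
    Assumes the lines are in chronological order."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "445" or m["proto"].lower() != "tcp":
            continue  # skip malformed lines and non-SMB traffic
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["dst"]))
        while q and ts - q[0][0] > window:
            q.popleft()  # expire connections older than the window
        peak[m["src"]] = max(peak[m["src"]], len({dst for _, dst in q}))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print(smb_fanout(SAMPLE_LOG))
```

A workstation that repeatedly talks to one file server stays below the threshold, while a host sweeping the subnet on 445 stands out; tune the window and threshold against known-good baselines such as domain controllers and backup servers.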