
VenusLocker Ransomware Gang Switches to Monero Mining

CyberWisdom Commentary:

A must-read story: the VenusLocker crew, the hacker group behind the VenusLocker ransomware, has switched its campaign to Monero cryptocurrency mining, but for the time being it only targets South Korean users, according to Joie Silva, security researcher at Fortinet’s FortiGuard Labs. The article reports that the spam emails carried a file attachment, an archive hiding a malicious EXE file.

Hiding EXE files inside archives is nothing new, but this particular campaign stood out because the archive format was EGG, a proprietary format popular only in South Korea. Most antivirus engines on VirusTotal are unable to decompress EGG archives and therefore cannot spot the malware within.

The EXE installed XMRig, a legitimate Monero mining application, but pre-configured to mine funds for the VenusLocker crew.

Under normal circumstances it is very hard for security firms to tell when a cyber-criminal operation switches malware payloads. This time, Silva says they were able to tie the Monero miner to past VenusLocker ransomware installers because the miner EXE had almost identical metadata and the same target paths as previous VenusLocker binaries. Read on below and in the linked article…


The criminal group behind previous campaigns that spread the VenusLocker ransomware has now switched its focus to delivering a Monero cryptocurrency miner instead. The switch is not a surprise. Monero’s price has gone from $132 on November 21 to $457 today, December 21. That’s 3.4 times the price from a month ago.
In the past month, we’ve seen various cybercriminal campaigns switch their focus to delivering Monero miners —Zealot, Hexmen, Loapi, and this week’s massive brute-force attack wave that hit WordPress sites— and we expect to see more such attacks as Monero’s price continues to rise and gives attackers more reasons to hoard Monero. The malware distribution campaign originating from the VenusLocker crew only targets South Korean users, for the time being, according to Joie Silva, security researcher at Fortinet’s FortiGuard Labs. Engaging post. Read More…
