Researchers Find Monero Mining Malware That Hides From Task Manager

Published by Cointele

Cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed "Norman," that aims to mine the cryptocurrency Monero and evade detection.

Varonis published a report about Norman on Aug. 14.

According to the report, Varonis found Norman as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company.

Norman in particular is a crypto miner based on XMRig, which is described in the report as a high-performance miner for Monero cryptocurrency.

One of the key features of Norman is that it will close the crypto mining process in response to a user opening up Task Manager.

After Task Manager closes, Norman uses a process to relaunch the miner.
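The stop-on-open, restart-on-close behavior leaves a timing pattern in process start and stop logs that defenders can search for. The following Python sketch is an added example, not code from the Varonis report; the event format, the 5-second window and the process names are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 5.0  # seconds; assumed correlation window, tune for your environment

# Constructed process events: (epoch seconds, "start" | "stop", image name).
# In practice these would come from process creation/exit logging.
EVENTS = [
    (100.0, "start", "miner_sample.exe"),   # hypothetical name, not from the report
    (100.0, "start", "notepad.exe"),
    (200.0, "start", "Taskmgr.exe"),
    (200.8, "stop", "miner_sample.exe"),    # exits right after Task Manager opens
    (230.0, "stop", "notepad.exe"),         # unrelated exit, outside the window
    (260.0, "stop", "Taskmgr.exe"),
    (262.5, "start", "miner_sample.exe"),   # relaunched after Task Manager closes
    (400.0, "start", "Taskmgr.exe"),
    (401.2, "stop", "miner_sample.exe"),
    (450.0, "stop", "Taskmgr.exe"),
    (451.0, "start", "miner_sample.exe"),
]

def taskmgr_sessions(events):
    """Pair each Taskmgr.exe start with the next Taskmgr.exe stop."""
    sessions, opened = [], None
    for ts, kind, image in sorted(events):
        if image.lower() != "taskmgr.exe":
            continue
        if kind == "start":
            opened = ts
        elif opened is not None:
            sessions.append((opened, ts))
            opened = None
    return sessions

def hide_and_relaunch(events, window=WINDOW):
    """Per image, count Task Manager sessions where it exited on open and restarted on close."""
    hits = defaultdict(int)
    for opened, closed in taskmgr_sessions(events):
        stopped = {i for t, k, i in events if k == "stop" and opened <= t <= opened + window}
        started = {i for t, k, i in events if k == "start" and closed <= t <= closed + window}
        for image in stopped & started:
            if image.lower() != "taskmgr.exe":
                hits[image] += 1
    return dict(hits)

if __name__ == "__main__":
    for image, n in hide_and_relaunch(EVENTS).items():
        print(f"{image}: hid from {n} Task Manager session(s)")
```

A single match can be coincidence; an image that repeats the pattern across several Task Manager sessions is the stronger signal.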

The researchers at Varonis concluded that Norman is based on the PHP programming language and is obfuscated by Zend Guard.

The researchers also conjectured that Norman comes from a French-speaking country, due to the presence of French variables and functions within the virus' code.

Another cybersecurity company uncovered an unsettling update to a strain of XMR mining malware last week.

Carbon Black discovered that a type of malware called Smominru is now stealing user data alongside its mining operations.
