Researchers find Monero Mining malware hiding from Task Manager


Cybersecurity company Varonis has discovered a new cryptomining malware, dubbed "Norman", which mines the Monero cryptocurrency (XMR) on infected machines while evading detection.

Varonis published its report on Norman on August 14th. According to the report, Varonis found Norman among many cryptominers deployed in a campaign that infected machines at a medium-sized company.

Hackers and cybercriminals deploy cryptojacking malware to hijack the computing power of unsuspecting users' machines and mine cryptocurrencies such as Monero, a privacy-oriented currency.

Norman in particular is an XMRig-based cryptocurrency miner; the report describes XMRig as a high-performance miner for Monero. One of Norman's main features is that it terminates the mining process when a user opens Task Manager, so the miner does not show up in the process list. Once Task Manager is closed, Norman relaunches the miner.
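The start/stop behaviour described above leaves a recognisable trace in process telemetry: a process that dies shortly after taskmgr.exe starts and whose image reappears shortly after taskmgr.exe exits. The following is an added example (not code from Varonis or from the Norman sample) of a correlation heuristic over such events. The event records and the image name "suspicious.exe" are constructed for illustration; in practice the events would come from a source such as Sysmon process-create/terminate logs.

```python
"""Heuristic detection of Task Manager evasion (hypothetical example, not Varonis code).

Flags any image that (1) stops within `window` seconds after taskmgr.exe starts and
(2) starts again within `window` seconds after taskmgr.exe stops.
"""
from dataclasses import dataclass
from typing import List


@dataclass
class ProcEvent:
    ts: float    # seconds since epoch (constructed timestamps below)
    kind: str    # "start" or "stop"
    pid: int
    image: str   # lowercase image name, e.g. "taskmgr.exe"


def find_taskmgr_evaders(events: List[ProcEvent], window: float = 5.0) -> List[str]:
    """Return sorted image names that exhibit the stop-on-open / restart-on-close pattern."""
    events = sorted(events, key=lambda e: e.ts)
    tm_starts = [e.ts for e in events if e.image == "taskmgr.exe" and e.kind == "start"]
    tm_stops = [e.ts for e in events if e.image == "taskmgr.exe" and e.kind == "stop"]
    suspects = set()
    for stop in events:
        if stop.image == "taskmgr.exe" or stop.kind != "stop":
            continue
        # (1) Did this process terminate shortly after Task Manager opened?
        if not any(0 <= stop.ts - t <= window for t in tm_starts):
            continue
        # (2) Did the same image relaunch shortly after Task Manager closed,
        #     with that Task Manager exit lying between the kill and the relaunch?
        relaunched = any(
            r.image == stop.image and r.kind == "start" and r.ts > stop.ts
            and any(stop.ts <= t <= r.ts <= t + window for t in tm_stops)
            for r in events
        )
        if relaunched:
            suspects.add(stop.image)
    return sorted(suspects)


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    ProcEvent(0.0,  "start", 100, "suspicious.exe"),  # miner running
    ProcEvent(5.0,  "start", 300, "notepad.exe"),
    ProcEvent(10.0, "start", 200, "taskmgr.exe"),     # user opens Task Manager
    ProcEvent(10.5, "stop",  300, "notepad.exe"),     # benign: dies, never returns
    ProcEvent(11.0, "stop",  100, "suspicious.exe"),  # miner kills itself
    ProcEvent(30.0, "stop",  200, "taskmgr.exe"),     # user closes Task Manager
    ProcEvent(32.0, "start", 101, "suspicious.exe"),  # miner relaunched
    ProcEvent(50.0, "stop",  400, "chrome.exe"),      # benign restart unrelated to taskmgr
    ProcEvent(51.0, "start", 401, "chrome.exe"),
]

if __name__ == "__main__":
    print("Task Manager evaders:", find_taskmgr_evaders(SAMPLE_EVENTS))
```

The heuristic deliberately requires both halves of the pattern, so a process that merely happens to exit while Task Manager is open (notepad.exe above) is not flagged. It also illustrates the practical point: because the malware reacts to Task Manager specifically, collecting process events from a source the miner does not watch (an EDR sensor or Sysmon) is what makes the pattern visible at all.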

Varonis researchers concluded that Norman is written in PHP and obfuscated with Zend Guard. They also speculated that Norman originated in a French-speaking country, because of the French variable and function names in the malware's code.

There are also French-language comments inside the self-extracting archive (SFX). According to the report, this indicates that Norman's creator used a French version of WinRAR to build the SFX file.

Beyond cryptojacking

Another cybersecurity company disclosed a disturbing update to a variant of XMR-mining malware last week. Carbon Black found that a strain of malware called Smominru now steals user data alongside its mining operations. The company believes the stolen data can be sold by the attackers on the dark web. In its report, Carbon Black wrote:

"This finding indicates a broader trend in commodity malware that evolves to mask a darker purpose and will force a change in the way IT security professionals classify, investigate and protect against threats."
