Rarog – A cryptomining Trojan is out in the wild

A malware family called Rarog is circulating on the internet and is being used extensively by cyber criminals to run cryptocurrency mining operations. Researchers say it is an appealing option for attackers because of its low cost, easy configuration and support for multiple cryptocurrencies. Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, said the malware comes equipped with a number of features that give attackers the ability to download mining software and configure it with any parameters they wish.

The Trojan itself is likely named after “Raróg”, a fire demon that originates in Slavic mythology and is typically represented as a fiery falcon. Rarog primarily targets the Monero cryptocurrency; however, it is capable of mining other cryptocurrencies as well. It has so far affected more than 166,000 victims across the globe. The major countries affected by this Trojan are the Philippines, Indonesia and Russia. Researchers discovered 2,500 unique samples, connecting to 161 different command and control (C2) servers. While a large number of machines are affected by this Trojan, the profit margin per machine has not gone beyond a mere US $120.

Rarog recently came onto the radar when security firm Flashpoint stated in a report earlier this week that criminals have been targeting the open-source e-commerce platform Magento with an array of malware families – including Rarog – since 2016. According to Flashpoint, hundreds of e-commerce sites were compromised by attackers in order to steal credit card numbers and inject cryptominers. “Analysts said the infection chain begins with the installation of data-stealing malware called AZORult from a binary hosted on GitHub. AZORult then downloads additional malware; in this campaign, the additional malware is the Rarog cryptocurrency miner,” according to Flashpoint’s report.

Logix Infosecurity keeps clients safe by installing layers of security where they are required. Our experts and state-of-the-art technology keep threats away so that clients can focus on their business.
