Varonis CyberSecurity Firm Warns About A New Cryptojacking Virus ‘Norman’ to Mine Monero
According to researchers at cybersecurity company Varonis, a cryptocurrency-mining malware can remain so well hidden that it spread to almost every computer at an infected company.
Numerous variants of cryptomining malware had been installed on virtually every server and workstation at companies that had fallen victim, and some machines had even been infected with password stealers, which were likely used as a means of adding more machines to the mining botnet.
Named “Norman”, the virus mines the cryptocurrency Monero (XMR) and evades detection. The malware’s deployment can be divided into three stages, namely Execution, Injection, and Mining. Varonis wrote,
“Most were generic variants of cryptominers. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years. Out of all the cryptominer samples that we found, one stood out. We named it ‘Norman.'”
Analysts of the cybersecurity firm have said that the strain. One of the striking peculiarities of Norman is that it ends the crypto mining process whenever a user opens Task Manager. Furthermore, Norman relaunches the miner after Task Manager is closed.
Earlier this month, BitcoinExchangeGuide reported that cybersecurity firm Carbon Black stated that a widely used Monero mining bot apparently contains a hidden module that has the ability to seize its users’ IP addresses, domain info, usernames, and passwords.
It is also being reported that a couple of years back, more than 500k machines were infected with an XMR mining protocol called XMRig.