Cryptojacking Group Hacks Hundreds Of Devices To Mine Crypto

The Librarian Ghouls hacker group has compromised hundreds of Russian devices and used them to mine crypto in an apparent case of cryptojacking, cybersecurity firm Kaspersky says.
The hacker group, which is also known as Rare Werewolf, gains access to systems through malware-ridden phishing emails disguised as messages from legitimate organizations that appear to be official documents or payment orders, Kaspersky said in a report on Monday.
Hackers scope out device info before mining
After a computer is infected with the malware, the hackers establish a remote connection and disable security systems such as Windows Defender.
The infected device is also programmed to turn on at 1 am and shut down at 5 am, with the hackers using the time frame to further establish unauthorized remote access and steal login credentials.
“It is our assessment that the attackers use this technique to cover their tracks so that the user remains unaware that their device has been hijacked,” Kaspersky said.
They then steal login credentials and also collect information about the device’s available RAM, CPU cores and GPUs to optimally configure the crypto miner before deploying it.
While the miner is running, the hackers maintain a connection to the mining pool, sending a request every 60 seconds, according to Kaspersky.
“We observe that the attackers are continuously refining their tactics, encompassing not only data exfiltration but also the deployment of remote access tools and the use of phishing sites for email account compromise,” the firm said.
Cryptojacking campaign ongoing since 2024
So far, the hacking campaign, which started in December and is ongoing, has affected hundreds of Russian users, particularly industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.
The origin of the group hasn’t been established; however, Kaspersky said the phishing emails are “composed in Russian and include archives with Russian filenames, along with Russian-language decoy documents.”
“This suggests that the primary targets of this campaign are likely based in Russia or speak Russian,” Kaspersky said.
Librarian Ghouls could be hacktivists
Kaspersky speculates that the Librarian Ghouls might be hacktivists, who use hacking as a form of civil disobedience to promote a political agenda, due to the use of techniques commonly associated with similar groups, such as reliance on legitimate, third-party utilities.
“A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said.
It’s unknown how long the group has been active, but another Russian cybersecurity firm, BI.ZONE, said in a Nov. 23 report that Rare Werewolf has been around since at least 2019.
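For defenders, the two timing details reported above (activity confined to the 1 am to 5 am window, and a mining-pool request every 60 seconds) translate into a simple hunt over connection logs. The following is an added example, not code from Kaspersky's report or this article; the host names, destinations, port and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

def sample_flows():
    """Constructed flow records (timestamp, source host, destination); not real telemetry."""
    night = datetime(2025, 6, 10, 1, 5, 0)
    flows = []
    for i in range(30):  # ~60 s cadence with +/-1 s jitter, inside the night window
        ts = night + timedelta(seconds=60 * i + (i % 3) - 1)
        flows.append((ts.isoformat(), "ws-17", "pool.example.invalid:3333"))
    for off in (0, 400, 460, 1900, 5000, 5030, 9000, 9100, 9500, 12000, 12700, 13000):
        ts = night + timedelta(seconds=off)  # irregular night-time traffic
        flows.append((ts.isoformat(), "ws-17", "updates.example.invalid:443"))
    day = datetime(2025, 6, 10, 14, 0, 0)
    for i in range(30):  # same cadence in working hours: outside the window hunted here
        ts = day + timedelta(seconds=60 * i)
        flows.append((ts.isoformat(), "ws-22", "monitor.example.invalid:443"))
    return flows

def find_beacons(flows, period=60, tolerance=5, min_hits=10, share=0.8,
                 window=(time(1, 0), time(5, 0))):
    """Return {(src, dst): regular_gap_count} for pairs that connect at roughly
    `period`-second intervals while the clock is inside `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst in flows:
        t = datetime.fromisoformat(ts)
        if window[0] <= t.time() < window[1]:
            by_pair[(src, dst)].append(t)
    findings = {}
    for pair, times in by_pair.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = [g for g in gaps if abs(g - period) <= tolerance]
        # Require enough evenly spaced connections, and that they dominate the
        # pair's traffic, so one coincidental 60 s gap does not raise a finding.
        if len(regular) >= min_hits and len(regular) / len(gaps) >= share:
            findings[pair] = len(regular)
    return findings

if __name__ == "__main__":
    for (src, dst), hits in find_beacons(sample_flows()).items():
        print(f"{src} -> {dst}: {hits} connections at ~60 s spacing between 01:00 and 05:00")
```

Hosts that are normally powered off overnight make the time window a strong filter; on always-on servers, widen the window and rely on the interval test alone.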