Monero miner combines RADMIN and MIMIKATZ to spread and infect

News by Robert Abel

A Monero miner-malware is leveraging RADMIN and MIMIKATZ for propagation while exploiting critical vulnerabilities to spread in a worm-like manner, covertly targeting specific systems in industries in China, Taiwan, Italy, and Hong Kong.

Researchers noted an uptick in activity between the last week of January and February 2019, a period that coincided with regional holiday celebrations and events; the attacks did not decrease after the Lunar New Year holidays, according to a 20 February Trend Micro blog post.

MIMIKATZ has been used alongside other hacking tools and cryptominers, while RADMIN tools are used to gain admin rights and to deliver other malware into targeted systems.

"This combination of RADMIN and MIMIKATZ becomes a concern for data exfiltration of enterprise assets and information because of the randomly named and seemingly-valid Windows functions that may go undetected," researchers said. "Also, we found it interesting that the sample itself does not download the coinminer."

Researchers said the technique displays some level of sophistication and that users are advised to regularly download patches from legitimate vendors as soon as they are released.

This article was originally published on SC Media US.
