Smoking Out the Rarog Cryptocurrency Mining Trojan
(Apr 4, 2018)
Palo Alto Unit 42 researchers have published a report discussing a new cryptocurrency-mining trojan called “Rarog.” The trojan has been offered for purchase on various underground forums since June 2017, and at the time of this writing, can be purchased for approximately $104 USD. The malware is primarily used to mine “Monero” but is capable of mining other cryptocurrencies. In addition to mining, Rarog can also configure different processor loads, download Dynamic Link Libraries (DLLs), infect USB drives, and provide mining statistics.
Recommendation: Cryptocurrency miners cause high CPU usage; therefore, if the fans on a laptop seem to be running constantly, the activity/task manager should be checked to see whether a miner is running without the user's knowledge.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.