Raróg: The Affordable Cryptocurrency Miner Trojan
A cryptocurrency miner Trojan known as Raróg, named after a fire demon in Slavic mythology, is on the rise, targeting unsuspecting victims and mining Monero and other virtual currencies. What sets Raróg apart is its affordability, which makes it an attractive option for newcomers to cybercrime.
Key Points:
- Roughly 2,500 unique Raróg samples have been seen in the wild, connecting to 161 different command-and-control servers.
- There have been over 166,000 Raróg-related infections worldwide, with the majority in the Philippines, Russia, and Indonesia.
- The Trojan's features include providing mining statistics, configuring processor loads, infecting USB devices, and loading additional DLLs on victim machines.
- Raróg also utilizes botnet techniques, including downloading and executing other malware, launching DDoS attacks, and updating the Trojan.
- Available on Russian-speaking criminal underground sites, Raróg is priced at just $104, making it a cost-effective option for aspiring cybercriminals.
According to researchers at Palo Alto Networks’ Unit 42, Raróg’s simplicity and affordability make it an attractive choice for criminals looking to profit from cryptocurrency mining. While not highly sophisticated, Raróg provides an easy entry point for running a cryptocurrency mining botnet. As the value of cryptocurrencies remains high, it is likely that we will see more malware families with mining functionality emerge in the future.
For more information on Raróg and the ongoing threat it poses, stay tuned for updates from cybersecurity experts.