Unauthorized cryptocurrency mining struck PH, report says

According to a newly released study by a US-based tech firm, the Philippines was heavily infected by unauthorized cryptocurrency mining over the last few months.

Click to enlarge

Researchers from Unit 42 of Palo Alto Networks have investigated a relatively unknown coin mining Trojan that goes by the name “Rarog”.

The relatively unknown coin-mining Trojan has been linked to over 166,000 infections worldwide – the majority of which are in the Philippines, Indonesia, and Russia.

The Trojan is likely named after a “Raróg”, a fire demon that originates in Slavic mythology and is typically represented as a fiery falcon.

The Rarog mining malware has been sold on various underground forums since June 2017, and presents an affordable way for new criminals to propagate unauthorized cryptomining in the region, the report said.

To date, Palo Alto Networks has observed roughly 2,500 unique samples, connecting to 161 different command and control (C2) servers.

The report said Rarog has been seen primarily used to mine the Monero cryptocurrency. However, it has the capability to mine others.

It comes equipped with a number of features, including providing mining statistics to users, configuring various processor loads for the running miner, the ability to infect USB devices, and the ability to load additional DLLs on the victim.

Additionally, Rarog provides an affordable way for new criminals to gain entry into this particular type of malware, the report noted.

“To date, we have confirmed over 166,000 Rarog-related infections worldwide. The majority of these occur in the Philippines, Russia, and Indonesia. While a large number of infections have been recorded by various criminals who have used this mining Trojan, we have seen very little recorded profits: the highest profits we have observed amount to roughly $120,” the report said.

Comment on this post