Since cryptojacking malware came onto the scene, its favorite cryptocurrency to mine at the expense of its victims has been Monero. This is due to the simplicity of mining XMR compared to Bitcoin (BTC): with Monero, stolen GPU and CPU cycles can be used for resolving hashes. Recently, Check Point has once again discovered a growing number of infections by a new Monero-based cryptojacking malware, which it calls Trojan.Win32.Fsysna. It is one of the most disruptive pieces of cryptojacking malware created, as it not only mines Monero in the background but is also designed to take hold of the entire network once it infects one machine.
“The highlight of this variant is the use of legitimate IT administration tools, Windows system tools and previously disclosed Windows vulnerabilities in order to infect an entire network of PCs. The actors behind this campaign possess enough skills and experience to make this a potentially severe attack on any organization with not-so-easy steps for remediation. Mining has always been about scale. The more machines mining, the more the income. Once a single machine is breached in an enterprise, lateral movement allows for large-scale compromise, which means more machines mining,” explained Richard Clayton of the Cyber Security Research team at Check Point Software.