SilentCryptoMiner distributed as a bypass tool

March 5, 2025, 4:40 p.m.

Description

A mass malware campaign is infecting users with a cryptocurrency miner disguised as a tool for bypassing internet restrictions. The campaign has affected over 2,000 victims in Russia and uses YouTube channels to spread malicious links. Attackers are blackmailing content creators into posting videos with links to infected files, threatening channel shutdowns. The malware uses a multi-stage infection process, including a Python loader that downloads and executes SilentCryptoMiner. This miner, based on XMRig, employs stealth techniques such as process hollowing and can mine various cryptocurrencies. The campaign highlights the growing exploitation of restriction bypass tools for malware distribution, which poses significant risks to user data security.

Date

  • Created: March 5, 2025, 11:12 a.m.
  • Published: March 5, 2025, 11:12 a.m.
  • Modified: March 5, 2025, 4:40 p.m.

Attack Patterns