Tor2Mine Harvests CPU Resources to Mine Monero
Cryptocurrency mining malware continues to be one of the hottest trends among cybercriminals. This type of malware runs silently on infected devices and uses their hardware to mine cryptocurrency. One popular family of this type is Tor2Mine, which targets all sorts of Windows devices. Once it infects a system, it starts using the CPU to mine Monero (XMR), a privacy-focused cryptocurrency.
How is Tor2Mine Spread?
Malware of this type focuses on infecting as many users as possible in order to maximize the profits of its creators. Tor2Mine, for example, can be spread through fake downloads, pirated content, deceptive ads, or email spam. It also has a worm-like module that enables it to spread laterally across infected networks: once it infiltrates a system, it scans the network for other accessible or vulnerable devices and tries to infect them as well.
It is important to mention that Tor2Mine has been active for a while and continues to receive regular updates. Some of the latest changes made by its creators include the execution of a PowerShell script. The script is meant to carry out several tasks: disable anti-malware services, execute the payload, and attempt to hijack Windows credentials. If the payload manages to gain administrative privileges thanks to the stolen credentials, it could infect more systems on the network.
Spotting Tor2Mine's presence is difficult without the use of automated tools. Typically, it disguises itself as a legitimate Windows service or process that does not stand out. The only odd thing that users might notice is intensive CPU usage from certain processes. However, some versions of Tor2Mine are able to suspend the mining task temporarily when resource monitoring tools such as the Task Manager are open – another clever way of evading detection.
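The two signals described above, a system-looking process name and CPU load that falls away while Task Manager is open, can be checked against periodic process snapshots. The following is an added example, not code from the original article; the process names, paths, thresholds and telemetry are constructed for illustration, and the article does not say which names Tor2Mine uses.

```python
from collections import defaultdict
from statistics import mean

# Tool the article says some variants watch for before pausing mining.
MONITORS = {"taskmgr.exe"}
# Assumed subset: expected directories for two Windows system binaries.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}

def analyse(snapshots, busy=60.0, idle=10.0):
    """Each snapshot is a list of (name, path, cpu_percent) seen at one moment."""
    watched, unwatched, names = defaultdict(list), defaultdict(list), {}
    for snapshot in snapshots:
        monitor_open = any(n.lower() in MONITORS for n, _, _ in snapshot)
        for name, path, cpu in snapshot:
            key = path.lower()
            names[key] = name.lower()
            (watched if monitor_open else unwatched)[key].append(cpu)
    findings = {}
    for key, name in names.items():
        reasons = []
        directory = key.rsplit("\\", 1)[0]
        if name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]:
            reasons.append("system binary name in unexpected directory")
        # Needs samples from both states; compare average load in each.
        if watched[key] and unwatched[key]:
            if mean(unwatched[key]) >= busy and mean(watched[key]) <= idle:
                reasons.append("CPU load drops while a monitor is open")
        if reasons:
            findings[key] = reasons
    return findings

# Constructed telemetry for illustration, not from a real infection.
SYS, FAKE, APP = (r"C:\Windows\System32\svchost.exe",
                  r"C:\Users\Public\svchost.exe", r"C:\Apps\render.exe")
SAMPLES = [
    [("svchost.exe", SYS, 2.0), ("svchost.exe", FAKE, 93.0), ("render.exe", APP, 88.0)],
    [("svchost.exe", SYS, 3.0), ("svchost.exe", FAKE, 95.0), ("render.exe", APP, 90.0)],
    [("Taskmgr.exe", r"C:\Windows\System32\Taskmgr.exe", 4.0),
     ("svchost.exe", SYS, 2.0), ("svchost.exe", FAKE, 1.0), ("render.exe", APP, 89.0)],
]

if __name__ == "__main__":
    for path, reasons in analyse(SAMPLES).items():
        print(path, "->", "; ".join(reasons))
```

The constructed `render.exe` entry stays busy whether or not Task Manager is open, so sustained high CPU alone does not trigger a finding.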
Thankfully, Tor2Mine and similar cryptocurrency miners can be easily stopped with reputable antivirus software.