
Covert Monero-mining malware now steals passwords and disables rivals
Unit 42 researchers have uncovered a new variant of cryptojacking malware named Black-T, authored by the hacker group TeamTnT and built for covert Monero mining.
Unit 42 researchers discovered a new variant of cryptojacking malware named Black-T, authored by TeamTnT. https://t.co/TTdaw0eDdc
— Unit 42 (@Unit42_Intel) October 5, 2020
Now, in addition to cryptojacking, the malware can steal user data, including passwords and banking details.
Black-T reads plaintext Windows passwords using the Mimikatz tool. This allows attackers to interfere with the computer’s operation even when the user is active.
The malware can also disable other hidden miners if they are already present on the device. It automatically targets their files and installs its own cryptojacking software.
Unit 42 researchers believe that the hackers will continue expanding the malware’s capabilities, especially for identifying vulnerabilities in various cloud systems.
According to a study by Aqua Security, 95% of attacks on compromised cloud servers are aimed at covert cryptocurrency mining.