Rarog turns computers into cryptocurrency mining machines
Rarog, a cryptomining Trojan, is becoming an easy tool for hackers to turn computers into cryptocurrency mining machines. According to security experts, the Trojan is cheap, easily configurable and supports multiple cryptocurrencies, making it an easy option for hackers. Palo Alto Networks' Unit 42 research team tracked Rarog for months. The researchers state that the malware comes equipped with many features that give hackers the ability to download mining software and configure it with any options they want. The Trojan has been mainly used to mine the Monero cryptocurrency, but it has the ability to mine other cryptocurrencies as well.
Rarog recently came to public attention when security firm Flashpoint stated in a report earlier this week that criminals had been targeting the open-source e-commerce platform Magento with a lot of malware families since 2016. That left hundreds of e-commerce sites exposed to credit card theft and cryptominer injection, said Flashpoint. Security experts think the infection begins with the installation of data-stealing malware called AZORult from a binary hosted on GitHub. AZORult then downloads additional malware, the Rarog cryptocurrency miner. Unit 42 stated that since June 2017, over 160,000 Rarog infections have been confirmed worldwide, mostly occurring in Russia, Indonesia and the Philippines. The Rarog Trojan uses a number of methods: it allows attackers to download and execute other malware, launch DDoS attacks against others, and update the Trojan. The malware makes a number of HTTP requests to a remote C2 server. The malware also provides mining statistics to users, configures various processor loads for the running miner, and enables attackers to infect USB devices, as well as load additional DLLs on an infected system.
Rarog is also persistent: the malware uses multiple techniques to maintain persistence on the infected system, including the use of the Run registry key, scheduled tasks, and shortcut links in the startup folder. The malware is affordable; it costs about $104 on underground forums. A guest administration panel is provided to allow potential buyers the chance to do a "test drive" by interacting with the interface. The ease of use comes at a cost for hackers: the highest profits observed amounted to roughly $120.
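The three persistence locations named above (Run registry key, scheduled tasks, startup-folder shortcuts) can be inventoried in one pass on a suspect Windows host. The following PowerShell is an added example, not taken from the Unit 42 or Flashpoint reports; the function names are hypothetical, and the "user-writable path" pattern is a generic triage heuristic assumed here, not a Rarog indicator.

```powershell
# Added example: read-only inventory of the autostart locations the article names.
# Run elevated to see scheduled tasks belonging to other users.

function Get-RunKeyEntries {
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = 'RunKey'; Location = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
}

function Get-TaskEntries {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # skip COM-handler actions
            [pscustomobject]@{ Source = 'Task'; Location = $task.TaskPath; Name = $task.TaskName
                               Command = "$($action.Execute) $($action.Arguments)".Trim() }
        }
    }
}

function Get-StartupShortcuts {
    $shell = New-Object -ComObject WScript.Shell      # used to resolve .lnk targets
    $dirs  = [Environment]::GetFolderPath('Startup'),
             [Environment]::GetFolderPath('CommonStartup')
    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{ Source = 'StartupLnk'; Location = $dir; Name = $_.Name
                               Command = "$($lnk.TargetPath) $($lnk.Arguments)".Trim() }
        }
    }
}

# Assumed heuristic: autostart commands launched from user-writable paths get reviewed first.
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|' +
                '%(APPDATA|LOCALAPPDATA|TEMP|TMP|PROGRAMDATA|PUBLIC)%'

$entries = @(Get-RunKeyEntries) + @(Get-TaskEntries) + @(Get-StartupShortcuts)
$entries |
    Select-Object *, @{ Name = 'Review'; Expression = { $_.Command -match $userWritable } } |
    Sort-Object Review -Descending |
    Format-Table Source, Name, Review, Command -AutoSize -Wrap
```

Entries marked `Review = True` are only candidates for a closer look; legitimate per-user software also starts from these paths, so compare the output against a known-good baseline of the same machine image.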
Cryptocurrency mining has drastically increased over the past year. In February researchers said they found cryptojacking code hidden on the Los Angeles Times' interactive Homicide Report webpage that was quietly harnessing visitors' CPUs to mine Monero cryptocurrency. At the same time, more than 4,200 websites, including many run by the U.K. and U.S. governments, were infected by a Monero cryptocurrency miner delivered through a hosted accessibility service. When you notice high CPU usage and suspect it might be malicious cryptomining, it's important to know whether it's being done in your browser or whether your computer itself is infected. So the first thing to do is to identify the process that is gobbling up your resources. Often using the Windows Task Manager or macOS's Activity Monitor is enough to identify the culprit. An alternative method that can also be used in other browsers is to disable extensions and close tabs in reverse historical order. If disabling an extension does not help, it's easy to re-enable it. And if closing a tab does not help, you can use the "Reopen last closed tab" option in browsers that have this option, such as Opera, Chrome, and Firefox.