Palo Alto Unit 42 security researchers have been tracking a cryptocurrency mining malware dubbed ‘Rarog’ that has been sold in underground cybercriminal forums since June of 2017.
Rarog has mainly been used to mine Monero cryptocurrency, but has the capability to mine others. Nearly 2,500 unique malware samples were observed, connecting to 161 different command and control (C2) servers. To date, 166,000 systems have been infected by Rarog, mostly in the Philippines, Russia, and Indonesia.
Rarog can provide mining statistics to users, configure various processor loads, infect USB devices, and load additional DLLs on the victim system, according to the Unit 42 blog post.
Rarog also appears to be affordable, lowering the barrier to entry for new criminals who wish to use this type of malware to mine cryptocurrency.