216.73.216.86

Digging Gold with a Spoon – Resurgence of Monero-mining Malware

· Published 07/07/2025 13:55 · Modified 13/07/2025 09:45

Export JSON

Essential information

Published
07/07/2025 13:55
Modified
13/07/2025 09:45
Tags
2025-07-07 cryptomining lolbas monero persistence powershell windows defender evasion xmrig
Related entities
4 observables, 9 techniques (mitre), 1 malware, 6 others

Description

A resurgence of malware deploying cryptominer was discovered in mid-April 2025, coinciding with a rally in cryptocurrency value. The malware uses a multi-staged approach and techniques, leveraging Windows tools like for payload delivery, detection evasion, and . The attack chain involves three stages: initial infection via a batch file, establishment, and execution. The malware targets diverse countries, including Russia, Belgium, Greece, and China. It disables Windows Update services, evades Windows Defender, and uses scheduled tasks for . The miner creates registry entries and drops files for continued operation. Despite its simple, unobfuscated nature, the malware proved effective in avoiding detection.

External references