Cybersecurity firm Sophos has cautioned industry experts that a new variant of the infamous Tor2Mine crypto-miner malware is spreading across company networks.
The malware is used to mine Monero (XMR), an untraceable cryptocurrency that has been associated with use on the dark web.
Tor2Mine infections have been to the detriment of businesses, burning energy and often resulting in hardware failures.
Tor2Mine is not sophisticated or aggressive in itself but will seek to exploit familiar weaknesses in company systems, such as a lack of anti-virus or anti-malware software.
While non-invasive, Tor2Mine will act aggressively to extract maximum value once it penetrates the system’s defenses.
It will quickly spread and install another piece of software that is directly responsible for mining Monero and extracting maximum profit.
The hack is able to successfully target DAO and DeFi projects, which seem to be the most susceptible to such exploits.
Sophos senior threat researcher Sean Gallagher said: “Once it has established a foothold on a network, it is difficult to root out without the assistance of endpoint protection software and other anti-malware measures.”
The virus will spread away from the original point of breach, so patching the system would not be enough to fix the issue. Nor would cleaning just one system. Companies faced with the problem would need to clean all their systems.
According to Gallagher, Tor2Mine continues to try to infect network systems even when it’s mined or has gone offline.
Gallagher recommends that anyone looking to avoid getting infected by Tor2Mine update their company systems, introduce anti-malware and anti-virus systems, and use dedicated mail clients.