The hacker group Librarian Ghouls, also known as Rare Werewolf, has hacked hundreds of Russian devices for hidden cryptocurrency mining. This was reported by experts from Kaspersky Lab.
Infection Algorithm
The attackers gained access to systems through phishing emails. The emails are disguised as messages from real organizations and are made to look like official documents.
After infecting the computer with malware, the hackers establish remote access and disable protective software, including Windows Defender. They then configure the device to turn on automatically at 1 AM and off at 5 AM. According to Kaspersky Lab, this is how the attackers conceal their activity.
During this window they also steal credentials. Before launching the miner, the attackers gather information about the system: RAM size, number of CPU cores, and graphics card data. This lets them tune the mining program to the hardware. While the miner is running, the hackers keep in contact with the mining pool by sending a request every minute.
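Two of the behaviours above, a scheduled power-off in the small hours and a once-a-minute pool keep-alive, can be turned into simple defender-side heuristics. The following is an added example written for this page, not Kaspersky's tooling; the task records and connection timestamps are constructed, and the field names are assumptions modelled loosely on `schtasks /query /fo CSV /v` output.

```python
"""Heuristics for the pattern described above: a power-related scheduled task
that fires between roughly 1 AM and 5 AM, and outbound connections to one host
spaced evenly at about 60 seconds. All input below is constructed sample data."""
from datetime import datetime, time
from statistics import mean, pstdev

# Constructed scheduled-task records; column names are assumptions.
SAMPLE_TASKS = [
    {"TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "Action": "%windir%\\system32\\defrag.exe -c -h -o -$", "StartTime": "03:00:00"},
    {"TaskName": "\\PowerOff", "Action": "shutdown.exe /s /f /t 0", "StartTime": "05:00:00"},
    {"TaskName": "\\Backup", "Action": "C:\\backup\\run.cmd", "StartTime": "22:30:00"},
]

# Constructed outbound connection times to a single external host
# (as you would get from Sysmon event 3 or firewall logs): one per minute.
SAMPLE_BEACONS = [datetime(2025, 6, 10, 1, 5 + i, 2) for i in range(10)]

# Command fragments that shut down or suspend the machine.
POWER_CMDS = ("shutdown", "powrprof.dll")

def suspicious_power_tasks(tasks, start=time(0, 30), end=time(5, 30)):
    """Return names of tasks whose action is a power command and whose start
    time falls inside the small-hours window (default 00:30-05:30)."""
    hits = []
    for t in tasks:
        when = datetime.strptime(t["StartTime"], "%H:%M:%S").time()
        action = t["Action"].lower()
        if start <= when <= end and any(c in action for c in POWER_CMDS):
            hits.append(t["TaskName"])
    return hits

def is_minute_beacon(timestamps, period=60.0, tolerance=5.0, min_count=5):
    """True when at least min_count connections are spaced at ~period seconds
    with little jitter, i.e. the once-a-minute pool contact described above."""
    if len(timestamps) < min_count:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    return abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance

if __name__ == "__main__":
    print("power tasks in window:", suspicious_power_tasks(SAMPLE_TASKS))
    print("minute beacon:", is_minute_beacon(SAMPLE_BEACONS))
```

A shutdown task at 5 AM is not malicious on its own; pair the hit with the Defender state and the hardware-enumeration activity the report describes before escalating.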