CYFIRMA Research - Obfuscated Batch Script’s Journey to Monero Mining
At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team have identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which execute a stealthy Monero (XMR) crypto miner as the final payload.
This payload is unfolded after 5 stages of unpacking, with capabilities such as anti-analysis/debugging, privilege escalation, defense evasion, stealth execution, fileless execution, and cryptocurrency mining. This malware has a very low to zero malicious reputation on known anti-malware tools.
Link to the Research Report: https://www.cyfirma.com/research/obfuscated-batch-scripts-journey-to-monero-mining/
#CYFIRMA #CyberSecurity #MinerMalware #MalwareAnalysis #CyfirmaResearch #ThreatIntelligence #ExternalThreatLandscapeManagement #ETLM #Monero #XMR #CryptoMiner #AMSIBypass
https://www.cyfirma.com/