Threat researchers at ESET have discovered a crypto-mining malware that has evaded detection by anti-virus software as it uses the computing power of infected computers to generate Monero and Ethereum crypto-currencies. Named KryptoCibule, this malware has been successful at hiding from researchers for almost two years now. In the analysis report from ESET, researchers noted that this malware relies heavily on the Tor network to communicate with its Command and Control (C2) servers. It spreads through malicious torrents that pretend to be pirated games and software. Currently, KryptoCibule seems to be targeting the Czech Republic and Slovakia; more than 85% of detections have come from those countries. Attacks in these countries appear to be intentionally targeted, as the malware checks for security products from ESET, AVG, and Avast, which are based in these two countries. If KryptoCibule detects any of these products, it automatically stops installation.