Cryptomining malware Vivin has been watched closely by researchers over the past few years. What they’ve noticed is that the malware has switched its tactics to be able to adapt to the ever-changing cryptocurrency market. The Monero cryptocurrency is its favorite target and it continuously changes wallets in an effort to attract the least amount of attention possible. Recently, Vivan has been found embedded in pirated software and games. When one of the pirated software products is installed on a computer, it will be infected with Vivan. The threat actor behind Vivin has not been careful to cover their tracks, which gives researchers reason to believe that Vivan will continue to operate. Researchers made this statement, “The length of historical activity by Vivin, the multitude of wallets and malware execution infrastructure, and the actor’s somewhat flippant attitude towards operational security suggest that the Vivin will attempt to continue their operations for the foreseeable future.”
Analyst Notes
Cryptomining malware can be detected by monitoring for new or unusual programs on endpoints that consume CPU resources constantly, even outside of business hours. A well-managed Endpoint Detection and Response solution alerts on potential attacker behaviors, and good analysis can determine if the activity represents a threat before it becomes a major problem. It is also advised to be cautious when following links or ads from untrusted sources and even if these links are followed, nothing should be downloaded from these pages unless the source can be verified. More information can be found here: https://hotforsecurity.bitdefender.com/blog/cryptomining-malware-vivin-uses-pirated-software-as-attack-vector-22169.html
