Monero Hacker Group 'Outlaw' Is Back and Targeting American Business: Report

Outlaw, a group specializing in cryptojacking machines to mine monero, has returned after a brief hiatus and is expanding its global reach, according to Trend Micro.

Feb 11, 2020 at 7:28 p.m. UTC
Updated Aug 19, 2021 at 12:45 a.m. UTC

A group specializing in hijacking victims' computer power to mine for monero has returned with new tools to attack businesses based in the U.S. and Europe.

Japanese cybersecurity firm Trend Micro reported Monday the group, known as Outlaw, had begun infiltrating Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin monero (XMR), a process known as cryptojacking.

Trend Micro's report said Outlaw used a combination of pre-existing tools and new techniques to monitor for programs that could detect its malware.

The newly improved malware can also hunt down and kill existing mining bots – even the group's previous miners – found in infected systems, taking out the competition and improving mining profits. Past iterations had only been able to partially reduce the activity of rival mining bots.

Trend Micro said Outlaw's activity began increasing in December following several months of inactivity. "[W]e expect the group to be more active in the coming months as we observed changes on the versions we acquired," the report reads.

Although Outlaw had previously confined itself to computer systems in China, Trend Micro's report found it was now targeting businesses in Europe and the U.S. The cybersecurity firm found the group targeted several of its honeypots – mechanisms designed to lure hackers into attacking them – situated across the Eastern European region.

The report did not disclose the names of any businesses, in the U.S. or elsewhere, that had been affected by Outlaw's malware.

The group might also try to steal information and sell it to the highest bidder, Trend Micro said. Companies in the financial and auto industries that have not recently updated their internet security systems are at high risk, the cybersecurity firm warned.

Outlaw first came to prominence in 2018 after it installed crypto-mining bots in the software of internet-of-things (IoT) devices. In 2019, Trend Micro detected the group attacking computer systems in China with a similar malware design that would hijack computer power to mine monero.

Malware that hijacks computer power to mine monero is not uncommon. In February 2018, more than half a million computers were infected with a botnet that mined nearly 9,000 XMR tokens (then worth approximately $3.6 million) over a nine-month period. Because monero is a privacy coin, hackers can sell it without risk of detection from authorities.

Very little is known about the Outlaw hacking group, not even what it calls itself. Trend Micro coined the name "Outlaw" as a translation of the Romanian word haiduc, which is the name of one of the group's favorite hacking tools.
