WaterMiner Is a New Monero Mining Malware Strain

Most people are well aware of the proliferation of malicious Monero mining software and plugins. In most cases, such tools are embedded on various websites. The Pirate Bay, for instance, is doing exactly that. So far, the overall concept of in-browser Monero mining has garnered a very bad reputation. It turns out there is now a new type of malware which attempts to achieve a similar goal. WaterMiner is a pretty worrisome threat, to say the least.

WaterMiner Continues the Malicious Monero Mining Trend

In a way, no one should be surprised to find out there are many different projects focusing on mining Monero illegally. Ever since a lot of sites introduced this method of generating revenue, there has been an increased focus on the negative side of Monero mining in general. That is not good news for this popular altcoin, and it seems things may only get worse from here on out. More specifically, a new type of malware has been detected which makes the concept of mining Monero even more appealing to criminals.

No one can deny the demand for Monero appears to be growing all over the world. As an example, we now have a few Darknet markets preferring Monero over Bitcoin and other cryptocurrencies. That in itself is not surprising, given that Bitcoin lacks privacy and anonymity features in every way possible. Monero, on the other hand, is far more anonymous than Bitcoin will ever be in its current form.

When one combines the concepts of anonymity and monetary value, it is only a matter of time until the criminals start to pay more attention as well. This is exactly what is happening to Monero right now, as we have a new type of malware having been discovered by Minerva Labs. According to the researchers, this new malware strain is known as WaterMiner, although that name may change in the future.

It seems this new malware is actively distributed through a dedicated campaign. More specifically, criminals have been infecting computers with malicious Monero mining malware which is not visible using traditional monitoring tools. The goal is to hijack computer CPUs and mine XMR in the process, though it remains to be seen how much of a threat this concept really poses. There is no reason to think this malware won’t affect thousands of computers around the world in the coming days and weeks.

The initial research indicates that WaterMiner is distributed by being bundled together with “gaming modifications”. This is not an uncommon method of distributing malware, to say the very least. During the first stage of distribution, WaterMiner was mainly distributed through a Russian forum. In one case, the accompanying “mods” package purported to enhance the gaming experience of GTA V players. It is unclear whether that was actually the case, but we do know everyone who downloaded the package saw their computer infected with WaterMiner malware as a result.

No one will be surprised that this malware uses MinerGate for its nefarious mining activities. This is a common trend in the world of cryptocurrency mining malware, especially where Monero is concerned. For some reason, this pool is of great interest to cybercriminals. Additionally, it seems WaterMiner is itself a modified version of XMRig, an open-source Monero miner. It will be interesting to see how things evolve as far as WaterMiner is concerned.