Monero Hacking Group “Outlaw” Returns With Upgraded Tools to Eradicate Miners

Cryptocurrency hacking group “Outlaw” has reportedly returned with an upgraded toolset designed to kill existing mining software while hijacking computing power to mine the privacy-focused coin Monero (XMR).

According to reports by Japanese cybersecurity firm Trend Micro, Outlaw has resurfaced after months of silence. Perhaps the group was busy updating its hacking kits to attack more enterprises, especially in the automotive and finance industries.

The updated tools come with improved features, including sophisticated target scanning capabilities, looped execution of files via error messages, and enhanced evasion techniques. The kits are also designed to enhance crypto mining profit by eliminating both the competition and their own previous miners. 

Mining power is not the only thing the group can steal. They can also use the upgraded kit to attack compromised systems to steal information and sell the data to bidders, Trend Micro said. 

“They are going after enterprises that haven’t yet patched their systems, as well as companies with an internet-facing system with no monitoring of or weak traffic activities.”

Outlaw went off the radar in June 2019 and stayed quiet until its activity began increasing in December last year. The cybersecurity firm said it expects more activity from the group in the coming months due to the improved tools.

Outlaw Targets US and Europe

Outlaw first introduced themselves in 2018, and since then, they have been attacking cryptocurrency miners based in China. However, this time around, Trend Micro claimed that the hacking group might be targeting enterprises in the United States and Europe. 

“We will continue to observe the group’s activities as they target industries from the United States and Europe,” the security company said. 

The report further warned that Outlaw’s new targets might not only be enterprises, because the improved tools included traces of Android Package Kit (APK)- and Android Debug Bridge (ADB)-based commands that enable cryptocurrency mining on Android-based TVs.

In a similar development, Coinfomania reported that cybersecurity firm Cyberbit discovered Monero-mining malware installed on more than 50% of the workstations at a European airport, stealing power to mine the cryptocurrency.