Introduction to Rare Werewolf Hacker Group
The Rare Werewolf hacker group has been secretly mining cryptocurrency by hijacking computers across Russia and neighboring countries. The group uses a legitimate open-source miner, XMRig, to mine cryptocurrency on victims' devices.
How the Attack Happens
The attackers gain initial access to the system through phishing emails written in Russian. These emails carry password-protected archives containing malicious executable files and are typically disguised as messages from legitimate organizations, posing as official documents or payment orders. Once inside the system, the hackers steal login credentials and install XMRig to generate cryptocurrency using the victim's computing power.
Methods Used by Hackers
The hackers use a novel method to maintain access and avoid detection: infected devices are programmed to shut down at 5 a.m. every day. Before the shutdown, a script launches Microsoft Edge at 1 a.m. to wake the PC, giving the attackers a four-hour window in which to establish remote access. The attackers also collect details about the available CPU cores and GPUs so they can configure the crypto miner optimally, and this data is sent to their servers.
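The wake-then-shutdown schedule described above leaves a recognisable footprint in a host's scheduled tasks. The following added example (not code from the original article or from any vendor report) reviews a constructed list of task records and flags an off-hours browser launch that is followed hours later by a forced shutdown, reporting the resulting access window; the record format, task names and function names are assumptions.

```python
"""Heuristic check of Windows scheduled tasks for an off-hours browser launch
paired with a later daily shutdown. All task records are constructed sample
data, not output from a real host; the record layout is an assumption."""
from datetime import time

# Constructed sample: (task name, daily trigger time, command line)
SAMPLE_TASKS = [
    ("EdgeNightlyLaunch", time(1, 0),
     r"C:\Program Files\Microsoft\Edge\Application\msedge.exe"),
    ("SystemMaintenance", time(5, 0), "shutdown.exe /s /f /t 0"),
    ("OneDrive Standalone Update", time(14, 30),
     r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"),
    ("Backup", time(22, 0), r"robocopy.exe C:\data D:\backup"),
]

OFF_HOURS = (time(0, 0), time(6, 0))          # window most users are away
BROWSERS = ("msedge.exe", "chrome.exe", "firefox.exe")


def is_off_hours(t):
    return OFF_HOURS[0] <= t < OFF_HOURS[1]


def classify(task):
    """Return a label for a suspicious task, or None if it looks benign."""
    name, trigger, cmd = task
    cmd = cmd.lower()
    if "shutdown.exe" in cmd or cmd.startswith("shutdown "):
        return "scheduled_shutdown"
    if any(b in cmd for b in BROWSERS) and is_off_hours(trigger):
        return "off_hours_browser"
    return None


def find_access_windows(tasks):
    """Pair each off-hours browser launch with the first later shutdown task
    and return (wake task, shutdown task, window length in hours)."""
    wakes = [t for t in tasks if classify(t) == "off_hours_browser"]
    downs = sorted((t for t in tasks if classify(t) == "scheduled_shutdown"),
                   key=lambda t: t[1])
    windows = []
    for wake in wakes:
        for down in downs:
            if down[1] > wake[1]:
                minutes = (down[1].hour * 60 + down[1].minute
                           - wake[1].hour * 60 - wake[1].minute)
                windows.append((wake[0], down[0], minutes / 60))
                break
    return windows


if __name__ == "__main__":
    for wake, down, hours in find_access_windows(SAMPLE_TASKS):
        print(f"{wake} wakes host, {down} shuts it down: {hours:.1f} h window")
```

On the constructed sample this reports the four-hour window between the 1 a.m. Edge launch and the 5 a.m. shutdown; on a real host the same logic would be fed from the Task Scheduler library or Event ID 4698 task-creation events.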
History of Rare Werewolf
Rare Werewolf has been active since at least 2019, according to previous reports. The group typically relies on legitimate third-party software and utilities rather than developing its own malicious tools to carry out its attacks. The group's origin has not yet been identified.
Current Campaign
The current campaign began in December 2024 and was still ongoing as of last month, with the attackers constantly refining their tactics. In addition to cryptocurrency mining, the group has also focused on stealing sensitive documents and passwords and on compromising Telegram messenger accounts, as it did in previous campaigns.
Attack Methods and Similarities
The group's methods, including the use of self-extracting archives and legitimate utilities, resemble those often associated with hacktivist groups. XMRig has been widely abused by cybercriminals, who keep devising new ways to deliver the installer to victims' devices. In previous cases targeting Russian firms, hackers delivered it through malicious versions of popular pirated games.
Conclusion
The Rare Werewolf hacker group has been a significant threat to computer systems across Russia and neighboring countries. Its practice of using legitimate software and utilities to mine cryptocurrency and steal sensitive information has made it a formidable opponent. It is crucial for individuals and organizations to be aware of these threats and take the necessary precautions to protect themselves from such attacks. By staying informed and vigilant, we can reduce the risk of falling victim to these kinds of cybercrimes.
