Vivin, a cryptomining malware that likes munching on Monero, is one of the many examples of such software roaming the dark corners of the Internet. Security researchers have been tracking it for the last couple of years, and it shows no sign of slowing down.
Cryptomining took a bit of a tumble as the cryptocurrency market dwindled in the past couple of years, but it didn’t really stop. The fact that new digital currencies kept popping up preserved people’s interest, and the same is true for the hackers and individuals looking to profit.
Security researchers tracked the Vivin malware as it morphed, adapting to the market and to what the people were looking for. Whoever is behind the malware keeps making changes, choosing new attack vectors, and rotating wallets so it doesn’t attract too much attention.
The preferred delivery method is an interesting one, as hackers chose to embed the malware in pirated software and games. Users would download pirated materials and subsequently get infected with Vivin cryptomining malware, which was set to use 80% of the system’s processing power.
Surprisingly, the bad actor wielding Vivin made little effort to hide his trail and was tracked by the researchers. “The length of historical activity by Vivin, the multitude of wallets and malware execution infrastructure, and the actor’s somewhat flippant attitude towards operational security suggest that the Vivin will attempt to continue their operations for the foreseeable future,” said the researchers.
As it stands, Vivin is alive and kicking, and will probably remain so for as long as it’s profitable.