A new cryptocurrency mining campaign has infected over 15 million users across the globe. The new campaign, which involves hackers leveraging the XMRig Monero miner, has hit South America, Southeast Asia and northern Africa the hardest.
According to security researchers at Palo Alto Networks, who discovered the attack, the new Monero mining campaign has been active for around four months. The hackers behind the campaign have already made several updates to the cryptocurrency mining malware, changing their tactics every month or so.
The campaign involved hackers making use of the URL shortener Bitly to trick victims into clicking on malicious ads. These ads were delivered using the ad-based redirection service Adfly. Once users clicked on the malicious ads, they unwittingly downloaded the XMRig miner.
However, Bitly has since removed the malicious URL, Christopher Budd, senior threat communications manager at Palo Alto, told SCMagazine.
The new campaign has affected over 3,500,000 users in Thailand, over 1,830,000 in Vietnam and over 1,130,000 in Egypt. Thousands of users in Turkey, Peru, Brazil, Algeria, Venezuela and the Philippines have also been infected by the Monero mining campaign.
"Monero mining campaigns are certainly not a new development, as there have been various reported instances recently," Palo Alto researchers said in a blog. "However, it is less common to observe such a large-scale campaign go relatively unnoticed for such a long period of time. By targeting random end-users via malicious advertisements, using seemingly innocuous names for the malware files, and using both built-in Windows utilities and scripting files, the attackers are able to gain a foothold on victim systems at large scale."