XMRig
-
Researchers track fake installer campaign tied to cryptominers and RATs
A fake-installer campaign tracked as REF1695 has spread RATs and cryptominers since November 2023, with researchers estimating at least 27.88 XMR in proceeds. The operation also used ISO lures, Defender evasion and GitHub-hosted payloads.
-
Pirated software lure spreads wormable XMRig miner that uses BYOVD to boost hashrate
Trellix reported a cryptojacking campaign that used pirated software bundles to deliver a wormable XMRig miner on Windows hosts. The malware uses a vulnerable driver to raise mining hashrate and spread via removable media during November and early December 2025.
-
Malicious PyPI package sympy-dev impersonates SymPy to install XMRig miner
A malicious PyPI package named sympy-dev impersonates the SymPy library to deliver an XMRig cryptocurrency miner on Linux. The package has been downloaded over 1,100 times since January 17, 2026, and remains available.
-
Rare Werewolf APT Targets Russian Entities with Sophisticated Cyber Attacks
Rare Werewolf, an advanced persistent threat (APT) group, is reported to have launched a series of cyber attacks targeting Russian and CIS entities, using legitimate software to make its operations stealthier.




