Vivin, a cryptomining malware that likes munching on
Monero, is one of the many examples of such software roaming the dark corners
of the Internet. Security researchers have been tracking it for the last couple
of years, and it shows no sign of slowing down.
Cryptomining took a bit of a tumble as the cryptocurrency
market dwindled in the past couple of years, but it didn’t really stop. The
fact that new digital currencies kept popping up preserved people’s interest,
and the same is true for the hackers and individuals looking to profit.
Security researchers tracked
the Vivin malware as it morphed, adapting to the market and to what the people
were looking for. Whoever is behind the malware keeps making changes, choosing
new attack vectors, and rotating wallets so it doesn’t attract too much
The preferred delivery method is an interesting one, as
hackers chose to embed the malware in pirated software and games. Users would
download pirated materials and subsequently get infected with Vivin
cryptomining malware, which was set to use 80% of the system’s processing
Surprisingly, the bad actor wielding Vivin made little
effort to hide his trail and was tracked by the researchers. “The length
of historical activity by Vivin, the multitude of wallets and malware execution
infrastructure, and the actor’s somewhat flippant attitude towards operational
security suggest that the Vivin will attempt to continue their operations for
the foreseeable future,” said the researchers.
As it stands, Vivin is alive and kicking, and will
probably remain so for as long as it’s profitable.