Norman the Cryptominer uses sophisticated techniques to avoid discovery

Researchers at Varonis have released information on a new cryptominer variant, which the team has dubbed 'Norman', that uses various techniques to hide and avoid discovery. Norman was discovered during investigations of an ongoing cryptomining infection that had spread to nearly every device at a midsize company. Almost every server and workstation at the business was infected and since the initial infection, which took place over a year ago, the number of variants and infected devices had grown. Most of the malware variants relied on DuckDNS (a free, Dynamic DNS service). Some needed it for command and control communications, while… [Continue Reading]