
crypto.news 2025-06-11 10:41:01

Hacker group Rare Werewolf hijacks Russian devices to mine crypto and steal data

A cybercriminal group known as Rare Werewolf is running a targeted phishing campaign against Russian and CIS-based companies, hijacking devices to mine crypto and steal sensitive data.

Kaspersky’s research revealed that the APT group Rare Werewolf, also known as “Librarian Ghouls” and “Rezet,” has remained consistently active through May, carrying out a relentless campaign that targets organizations across Russia and the CIS.

The group uses phishing emails disguised as communications from legitimate organizations to deceive victims into opening malicious attachments. Once these files are executed, the attackers gain remote access to the device, exfiltrate sensitive data (such as credentials and crypto wallet info), and then deploy Monero (XMR) crypto miners to exploit the system’s processing power.

To avoid detection, they schedule the compromised machine to automatically wake up at 1 AM and shut down at 5 AM, ensuring their activities go unnoticed.

Kaspersky reports that the group mainly targets industrial enterprises, with engineering schools also being of particular interest. The phishing emails are written in Russian and typically contain attachments with Russian-language filenames and decoy documents, which suggests that the group’s primary victims are based in Russia or are Russian speakers.

Source: PDF document imitating a payment order | securelist.com

Kaspersky’s investigation also uncovered several domains that might be linked to the Librarian Ghouls campaign, although they have low confidence in this connection. Among the domains still active at the time were users-mail[.]ru and deauthorization[.]online, both of which hosted phishing pages. These pages, created with PHP scripts, were designed to steal login credentials for the popular Russian e-mail service Mail.ru.

Source: Example of a phishing page associated with the APT campaign | securelist.com

As of the release of Kaspersky’s research, the Librarian Ghouls APT campaign remains active, with ongoing attacks observed as recently as last month.
