Advanced HiddenMiner Malware Emerges for Sale on Dark Web Forums

A new threat is emerging from the dark web as cybercriminals advertise a modified version of the HiddenMiner malware, a Monero (XMR) cryptocurrency miner, now equipped with advanced stealth and evasion capabilities.

Security researchers have observed the malware being openly marketed on notorious dark web forums, targeting buyers seeking powerful illicit mining tools that can operate undetected on compromised systems.

HiddenMiner: A Stealthier Crypto Mining Threat

HiddenMiner has a notorious history as a malware strain that hijacks the computational power of infected devices to mine Monero, a privacy-focused cryptocurrency favored by cybercriminals for its anonymity features.

The latest iteration of HiddenMiner, now for sale, is being promoted as a one-click installation tool that boasts a suite of sophisticated evasion techniques.

These include:

  • Virtual Machine Bypass (AntiVM): The malware can detect and evade virtualized environments often used by security researchers, making analysis and detection more difficult.
  • No Admin Rights Required: HiddenMiner runs without administrator access and so has no need for privilege escalation, which broadens its potential targets.
  • Rootkit-Level Stealth: The tool hides its mining processes and folders using rootkit techniques, ensuring its activities remain concealed from users and many security tools.
  • Antivirus and Security Tool Blocking: It actively blocks popular antivirus programs and scanners, further reducing the chances of detection.
  • Auto-Download on Startup: The malware ensures persistence by automatically downloading and executing itself every time Windows starts.
  • Technical Support: Sellers are offering one month of technical support, a sign of the growing professionalism in the cybercrime-as-a-service ecosystem.

Pricing and Add-ons

The base price for the HiddenMiner toolkit ranges from $40 to $100, depending on the selected features. Optional add-ons, such as dual mining for both XMR and Ethereum (ETH), are available for an additional $30.

This pricing model mirrors trends seen in other malware-as-a-service offerings, where modularity and customer support are becoming standard.

Dark Web Forums: The Marketplace for Malware

Dark web forums have become central trading hubs for cybercriminals, facilitating the sale of malware, stolen data, and hacking services.

Forums like BreachForums and Exploit are known for hosting listings of illicit tools, including advanced miners like HiddenMiner.

These platforms offer escrow services, ranking systems, and even in-forum credit points to streamline transactions and build trust among buyers and sellers.

Growing Threat to Cybersecurity

The sale of advanced mining malware like HiddenMiner underscores the evolving threat landscape.

As cybercriminals continue to innovate, organizations and individuals face increasing risks from malware that can silently exploit their devices for profit.

With features designed to evade detection and ensure persistence, HiddenMiner represents a significant challenge for defenders, highlighting the urgent need for robust cybersecurity measures and vigilant monitoring of emerging threats.

Security experts warn that as these tools become more accessible and affordable on the dark web, the frequency and impact of illicit cryptomining campaigns will likely rise, putting personal devices and enterprise networks at risk.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
