Outlaw Monero hacking group returns with updated tools

Getting your Trinity Audio player ready...

After a few months of inactivity, infamous hacking group Outlaw has resurfaced and this time, it has expanded its scope even further. The group has updated its cryptojacking kit, making it more lethal. According to a recent report, the new kit can kill off competition, has wider parameter and targets and has improved evasion techniques.

The report by cybersecurity firm Trend Micro revealed that Outlaw started becoming active again in December last year. After analyzing samples from 456 different IPs, the security researchers concluded that the new kits are more powerful than previous versions, and it expects them to get even better. The new kit starts by killing off competing cryptojacking malware, including miners it has previously installed.

Outlaw came to prominence in 2018 when security researchers discovered a Perl Shellbot it had built. At the time, Trend Micro revealed that the group was primarily targeting China. Now it has expanded its scope, with the latest report revealing that it’s targeting American and European businesses as well.

“Also aware of the existing laws in Europe, they can avoid prosecution in certain countries as long as they avoid attacking them,” the report stated.

Despite the updates to its hacking methods, the group still combines the new with the old, relying on dependable pre-existing tactics to “maximize profit opportunities while exerting minimal effort.”

The researchers also revealed that the new kit is targeting “Linux- and Unix-based operating systems, vulnerable servers, and internet of things (IoT) devices by exploiting known vulnerabilities with available exploits.” The kit is especially out to steal information from the finance and auto industries and then sell it, probably on the dark web. Businesses that are yet to update their systems are more vulnerable.

Not much is known about Outlaw, including its name or where the group is based. The name ‘Outlaw’ was made up by Trend Micro researchers, a translation of the Romanian word ‘haiduc’ which is the group’s go-to hacking tool. In its first wave of attacks in 2018, the group compromised servers belonging to a Japanese art institution as well as the government of Bangladesh.

The group injects cryptojacking malware on its victims’ systems which mines Monero. With Monero being a dark coin, it becomes much more difficult for law enforcement to go after the group. This has made Monero the crypto of choice for cryptojackers, and consequently, some authorities have forced exchanges to delist the dark coin for fear of facilitating cybercrime.