Hackers Using Monero Mining Malware as Decoy, Warns Microsoft

Crypto-jacking is giving nation-state hackers a decoy for their more malicious attacks, warned Microsoft in a Monday report.

The company’s intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous Monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH’s true campaign: credential theft.

Crypto-jacking “allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re “commodity” malware,” Microsoft concluded. It said the conspicuousness of Monero mining fits BISMUTH’s “hide in plain sight” MO.

Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.