CYFIRMA Research - Obfuscated Batch Script’s Journey to Monero Mining CYFIRMA Research

At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team have identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which executes a stealthy Monero (XMR) crypto miner as the final payload.This payload is unfolded after 5 stages of unpacking, with capabilities such as Anti analysis /debugging, privilege escalation, defense evasion, stealth executi...