The hacker group Librarian Ghouls attacks Russian devices for cryptocurrency mining

ChainCatcher news, the hacker group Librarian Ghouls (also known as Rare Werewolf) has infiltrated hundreds of Russian devices and is using them for cryptocurrency mining.

The group spreads malware through phishing emails disguised as legitimate organizations, establishing remote connections after infecting devices and disabling security systems such as Windows Defender. The hackers collect information on the devices' RAM, CPU cores, and GPU to optimize the configuration of cryptocurrency mining programs. This hacking incident began in December 2023, with the attack primarily affecting industrial enterprises and engineering schools in Russia, while there are also victims in Belarus and Kazakhstan.

Kaspersky speculates that Librarian Ghouls may be hacktivists, as they rely on legitimate third-party tools rather than developing their own malware, which is a common tactic used by similar organizations.