EXECUTIVE SUMMARY:

For two years, the cryptocurrency-mining malware known as WatchDog has operated surreptitiously on 476 Windows and Linux devices. The malware leveraged system functions to mine Monero cryptocurrency.

Cyber security experts state that the level of access that these hackers have obtained may enable them to steal identity and access management (IAM) data. In turn, the hackers could weaponize this data for the purpose of compromising personal and business systems.

This WatchDog cryptomining operation has obtained as many as 209 Monero cryptocurrency coins. Their bounty is worth roughly $32,000 USD. While this initiative has not brought in as much as most ransomware schemes, experts note that the market price of cryptocurrency is subject to change over time.

Who is behind the attack?

The hackers involved are thought to be “skilled coders”. They are not thought to be part of a nation-state backed group.

WatchDog Malware, technical specs

According to security researchers, the WatchDog mining malware consists of a multi-part set of Go language binaries. It also includes a bash or PowerShell script file. The open-source language known as “Go” has been seen in previous cryptojacking attacks.

Watchdog concept

The Go binaries in WatchDog each serve a specific purpose. One binary emulates the Linux WatchDog daemon mechanism. It does this by ensuring that mining processes operate without overload or interruptions.

“The WatchDog daemon’s functionality is to open the device and provide a necessary refresh to keep the system from resetting. For example, it can test process table space, memory usage and running processes,” reports ThreatPost.
