The Librarian Ghouls hacker group, also known as Rare Werewolf, has compromised hundreds of Russian devices to mine cryptocurrency in a cryptojacking operation, according to cybersecurity firm Kaspersky. The group uses malware-laden phishing emails disguised as official documents to gain access to systems. Once a system is infected, the malware disables security features like Windows Defender and allows the hackers to establish remote connections. The compromised devices are programmed to turn on and off at specific times to maintain unauthorized access without the user’s awareness. Kaspersky's assessment suggests that the group's tactics indicate a hacktivist motive, possibly due to their use of legitimate third-party software instead of developing custom malware. The ongoing campaign, which began in December 2024, has primarily impacted Russian industrial enterprises and engineering schools, and has also targeted users in Belarus and Kazakhstan. Emails used in the operation are composed in Russian, indicating a focus on Russian-speaking victims. Kaspersky has noted continuous adaptation by the attackers, who are enhancing their methods of data exfiltration and of compromising email accounts.
