Hackers Disguise Monero Mining Malware as Non-Profit Software

📌 Hackers identified as REF1695 are distributing Monero (XMR) mining malware by disguising malicious installers as legitimate non-profit software. The campaign employs stealth techniques to evade detection while hijacking system resources for cryptocurrency mining. No specific technical indicators, dates, or CVE IDs were disclosed in the report. The attack vector leverages fraudulent non-profit developer personas to trick users into executing the malware. The primary impact involves unauthorized use of compromised systems for financial gain through Monero mining. The threat was documented by Elastic Security Labs.