Markets
Share this article

Hackers Using Monero Mining Malware as Decoy, Warns Microsoft

Crypto-jacking is giving nation-state hackers a decoy for their more malicious attacks, Microsoft cautioned in a report.

By Danny Nelson
Updated Sep 14, 2021, 10:36 a.m. Published Dec 1, 2020, 6:15 p.m.
ethernet cables

Crypto-jacking is giving nation-state hackers a decoy for their more malicious attacks, warned Microsoft in a Monday report.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

The company's intelligence team said a group called BISMUTH hit government targets in France and Vietnam with relatively conspicuous monero mining trojans this summer. Mining the crypto generated side cash for the group, but it also distracted victims from BISMUTH's true campaign: credential theft.

Crypto-jacking "allowed BISMUTH to hide its more nefarious activities behind threats that may be perceived to be less alarming because they’re 'commodity' malware," Microsoft concluded. It said the conspicuousness of monero mining fits BISMUTH's "hide in plain sight" MO.

Microsoft recommended organizations stay vigilant against crypto-jacking as a possible decoy tactic.

MicrosoftVietnamMoneroCrypto Mining

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Coinbase Sees Crypto Recovery Ahead as Liquidity Improves and Fed Rate Cut Odds Climb

By Francisco Rodrigues|Edited by Stephen Alpher
2 hours ago
Coinbase

The crypto exchange also took note of a so-called AI bubble that continues to go strong and a weaker U.S. dollar.

What to know:

  • Coinbase Institutional is seeing a potential December recovery in crypto, citing improving liquidity and a shift in macroeconomic conditions that could favor risk assets like bitcoin.
  • The firm's optimism is driven by rising odds of Federal Reserve rate cuts, with markets pricing in a 93% chance easing next week, and improving liquidity conditions.
  • Several recent institutional developments, including Vanguard's crypto ETF policy reversal and Bank of America's greenlighting of crypto allocations, have contributed to bitcoin's rebound from recent lows.
Read full story