TechFlow, June 11 — According to Cointelegraph, the hacker group Librarian Ghouls (also known as Rare Werewolf) has infiltrated hundreds of devices in Russia and used them for cryptocurrency mining.
The group spreads malware through phishing emails disguised as legitimate organizations. Once a device is infected, they establish remote connections and disable security systems such as Windows Defender. The hackers collect information on the device's RAM, CPU cores, and GPU to optimize the configuration of cryptocurrency mining software.
This hacking incident began in December 2024, primarily affecting industrial enterprises and engineering schools in Russia, with victims also reported in Belarus and Kazakhstan. Kaspersky suggests that Librarian Ghouls may be hacktivists, as they rely on legitimate third-party tools rather than developing their own malware—a technique commonly used by similar groups.




