SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools

A new mass malware campaign is infecting over 2,000 Russian users with SilentCryptoMiner by disguising the malware as a tool to bypass internet blocks. The campaign, which leverages Windows Packet Divert (WPD) tools, employs deceptive tactics such as impersonating tool developers and using booby-trapped archives to distribute the malware. SilentCryptoMiner, which is based on XMRig, employs stealth techniques like process hollowing and can be controlled remotely via a web panel.
