Beware of Monero (XMR) Cryptocurrency Mining Malware Infection
2017-12-22 • Hauri • Beware of Monero (XMR) cryptocurrency mining malware infection •
http://www.hauri.co.kr/security/issue_view.html?intSeq=354&page=1&article_num=276
Hauri reported Monero-mining malware distributed in Korea through socially engineered email lures using themes such as transactions, resumes, personal data leaks, and image theft. The malware runs when a user opens a shortcut file disguised with photo or document icons and ultimately performs malicious activity in memory. Once infected, the host’s CPU resources are used to mine Monero, and, to reduce the chance of discovery, the malware stops mining when Task Manager is opened. The report attributes the activity to the same organization behind VenusLocker and identifies detections including Trojan.Win32.S.XMRigMiner.373760 and Trojan.Win64.S.XMRigMiner.338944.