20.04.2024

New Season of ‘Billions’ Opens With Bitcoin Mining Bust

The new season, based on the life of the former New York District attorney Preet Bharara, began on May 3 with a plot revolving around a group of cryptocurrency miners operating an illegal Bitcoin farm.

Showtime released the first episode of the fifth season of financial drama series “Billions”, which opened with a Bitcoin mining bust.

Previous seasons dealt with the world of the stock markets and legal disputes with hedge fund managers on Wall Street. Crypto enthusiasts may find the new episode more familiar.

Bitcoin’s intrinsic value discussion

Chuck Rhoades, the attorney general of New York in the drama series, questioned the leader of the illegal bitcoin mining farm after dismantling the organization.

Chuck asked him the following:

“So your multitude of computers and servers could solve some abstract math equations resulting in the mining of Bitcoin? It’s worth millions right now, whoopee! But it’s backed by what? Nada.”

The miner answered with another question: “What’s the Dollar backed by since we went off the gold standard?”

Crypto community reactions

The first episode of the new season of Billions was the subject of discussion among the crypto community on social networks. Many shared the video clip of the mentioned interrogation scene thousands of times on social media.

One of those who mentioned the episode was Changpeng Zhao, Binance’s CEO, who retweeted the scene on his official Twitter account with the hashtag #Adoption.

The Simpsons also referred to the world of cryptos and blockchain technology in an episode aired in February.

New Malware Miner Sneakily Hides When Task Manager Is Open

Meet “Norman” – a new variant of monero-mining malware that employs crafty tricks to avoid being spotted.

The malicious code was identified by researchers at data security firm Varonis when investigating a crypto-miner infestation at a “mid-size company.”

“Almost every server and workstation was infected with malware. Most were generic variants of cryptominers. Some were password dumping tools, some were hidden PHP shells, and some had been present for several years”, the firm said.

However, one miner stood out – Norman, as the team dubbed it.

Norman’s payload has two primary functions: execute its XMRig-based crypto-miner and avoid detection.

After injection, it overwrites its entry in explorer.exe to conceal evidence of its presence. It also stops operating the miner when the PC’s user opens Task Manager, re-injecting itself once Task Manager is no longer running.
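One way a defender could hunt for the Task Manager behaviour described above, as an added example that is not from the article or the Varonis report. It assumes process start/stop telemetry in a constructed one-line-per-event format; the name `miner_host.exe`, the 10-second window and the two-session threshold are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events (timestamp action image pid); format and names are assumptions.
SAMPLE_EVENTS = """\
2024-04-20T09:00:00 start miner_host.exe 4120
2024-04-20T09:10:00 start taskmgr.exe 6001
2024-04-20T09:10:02 stop miner_host.exe 4120
2024-04-20T09:10:04 stop chrome.exe 5000
2024-04-20T09:14:30 stop taskmgr.exe 6001
2024-04-20T09:14:33 start miner_host.exe 4388
2024-04-20T09:14:35 start chrome.exe 5210
2024-04-20T11:30:00 start taskmgr.exe 7010
2024-04-20T11:30:01 stop miner_host.exe 4388
2024-04-20T11:31:00 stop taskmgr.exe 7010
2024-04-20T11:31:04 start miner_host.exe 4502
"""

def parse(text):
    """Yield (datetime, action, lowercase image name) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, action, image, _pid = line.split()
            yield datetime.fromisoformat(ts), action, image.lower()

def taskmgr_shy_processes(text, window_s=10, min_sessions=2):
    """Count, per image, Task Manager sessions it stopped for and restarted after."""
    events = sorted(parse(text))
    window = timedelta(seconds=window_s)
    sessions, opened = [], None
    for ts, action, image in events:
        if image == "taskmgr.exe":
            if action == "start":
                opened = ts
            elif opened is not None:
                sessions.append((opened, ts))
                opened = None
    hits = defaultdict(int)
    for opened, closed in sessions:
        stopped = {i for t, a, i in events
                   if a == "stop" and opened <= t <= opened + window}
        restarted = {i for t, a, i in events
                     if a == "start" and closed <= t <= closed + window}
        for image in (stopped & restarted) - {"taskmgr.exe"}:
            hits[image] += 1
    return {i: n for i, n in hits.items() if n >= min_sessions}

if __name__ == "__main__":
    print(taskmgr_shy_processes(SAMPLE_EVENTS))
```

Requiring the pattern across at least two Task Manager sessions filters out one-off coincidences such as the constructed `chrome.exe` restart in the sample.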

The miner element of the malware is based on the openly available XMRig code hosted on GitHub. However, Varonis found that its monero (XMR) address is blocked by the mining pool it links to, and hence is effectively disabled.

The researchers further found a PHP shell, possibly linked to Norman, that “continually connects to a command-and-control (CC) server.” Web shells can allow remote access to a system on which they are installed.

However, the team found that, when they ran the code, it entered a loop awaiting commands, and none had been received at the time of writing.

The report also notes that Norman may have been created in France or a French-speaking nation. “The SFX file had comments in French, which indicate that the author used a French version of WinRAR to create the file”, said Varonis.
