A new cryptojacking campaign has affected hundreds of Russian devices, with hackers using phishing emails and malware to mine cryptocurrency. The group known as Rare Werewolf or Librarian Ghouls is believed to have infected systems belonging to businesses and educational institutions in Russia, Belarus, and Kazakhstan. Kaspersky reports the cybercriminals gain access through malicious emails disguised as official documents, later disabling security systems like Windows Defender. Their goal is to utilize victims’ machines between 1 am and 5 am to mine cryptocurrencies using stolen credentials and device data. These actions are facilitated by a connection to mining pools, with requests sent every 60 seconds.