{
  "family": "xmrig",
  "sample_count": 248,
  "category": "cryptominer",
  "description": "Xmrig is a cryptocurrency mining malware family with 248 samples in ember 2018 that uses victim cpu or gpu resources without authorization to mine cryptocurrency, typically monero. symptoms include high cpu usage, system slowdown, and increased electricity consumption.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "category-templated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Xmrig malware?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Xmrig is a member of the cryptominer category in the EMBER 2018 malware corpus. Like other cryptominer samples it shares the behaviors typical of that class. Because precise family-specific reporting on Xmrig is limited, this catalog only describes it at the category level rather than fabricating unverified details."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if Xmrig is detected on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Do not attempt manual removal. Cryptominer samples often establish persistence and may be part of a larger compromise. Isolate the affected system from the network and contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response."
      }
    }
  ],
  "faq_count": 2,
  "mitre_attack": [],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}