Jump to content
iulik

Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit

Recommended Posts

2017 was the year of high profile data breaches and ransomware attacks, but from the beginning of this year, we are noticing a faster-paced shift in the cyber threat landscape, as cryptocurrency-related malware is becoming a popular and profitable choice of cyber criminals.

Several cybersecurity firms are reporting of new cryptocurrency mining viruses that are being spread using EternalBlue—the same NSA exploit that was leaked by the hacking group Shadow Brokers and responsible for the devastating widespread ransomware threat WannaCry.

Researchers from Proofpoint discovered a massive global botnet dubbed "Smominru," a.k.a Ismo, that is using EternalBlue SMB exploit (CVE-2017-0144) to infect Windows computers to secretly mine Monero cryptocurrency, worth millions of dollars, for its master.


Active since at least May 2017, Smominru botnet has already infected more than 526,000 Windows computers, most of which are believed to be servers running unpatched versions of Windows, according to the researchers.

"Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz," the researchers said.

The botnet operators have already mined approximately 8,900 Monero, valued at up to $3.6 million, at the rate of roughly 24 Monero per day ($8,500) by stealing computing resources of millions of systems.
The highest number of Smominru infection has been observed in Russia, India, and Taiwan, the researchers said.
 

https://thehackernews.com/2018/01/cryptocurrency-mining-malware.html

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...