The Smominru miner has infected at least half a million machines, many of them Windows servers, and spreads via the EternalBlue exploit.
The WannaCry ransomware outbreak is still visible. A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars. The operation is powered by EternalBlue, an attack vector built on an exploit leaked from the NSA.
The Smominru miner botnet turns compromised machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017.
According to ZDNet, “researchers at Proofpoint say the botnet was made up of 526,000 nodes at its peak – and despite efforts to take it down, the botnet is particularly resilient and keeps regenerating itself and therefore remains a powerful Monero mining tool for its operators”.
What makes servers such an appealing target for cryptocurrency miners is their processing power and the fact that, unlike a desktop computer – which regularly gets turned off, and is therefore prevented from mining – servers are always on, providing a continuous, lucrative stream of Monero.
Attacks have also been taking place via EsteemAudit, an exploit that leverages vulnerabilities in RDP on Windows Server 2003 and Windows XP.
Read more here.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.