The Smominru miner has infected at least half a million machines, often Windows servers, and spreads via the EternalBlue exploit.

The legacy of the WannaCry ransomware outbreak is still visible. A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars. This operation is powered by EternalBlue, an exploit leaked from the NSA.

The Smominru miner botnet turns compromised machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017.

According to ZDNet, “researchers at Proofpoint say the botnet was made up of 526,000 nodes at its peak – and despite efforts to take it down, the botnet is particularly resilient and keeps regenerating itself and therefore remains a powerful Monero mining tool for its operators”.




What makes servers such an appealing target for cryptocurrency miners is their processing power and the fact that, unlike a desktop computer (which regularly gets turned off, and is therefore prevented from mining), servers are always on, providing a continuous, lucrative stream of Monero.

Attacks have also been taking place via EsteemAudit, an exploit that leverages vulnerabilities in RDP on Windows Server 2003 and Windows XP.



