The Smominru miner has infected at least half a million machines, often Windows servers, and spreads via the EternalBlue exploit.
The effects of the WannaCry ransomware outbreak are still visible. A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars. The operation is powered by EternalBlue, an attack vector based on an exploit leaked from the NSA.
The Smominru miner botnet turns compromised machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017.
According to ZDNet, “researchers at Proofpoint say the botnet was made up of 526,000 nodes at its peak – and despite efforts to take it down, the botnet is particularly resilient and keeps regenerating itself and therefore remains a powerful Monero mining tool for its operators”.
What makes servers such an appealing target for cryptocurrency miners is their processing power and the fact that, unlike a desktop computer, which is regularly turned off and therefore prevented from mining, servers are always on, providing a continuous, lucrative stream of Monero.
Attacks have also been taking place via EsteemAudit, an exploit that leverages vulnerabilities in RDP on Windows Server 2003 and Windows XP.