Satori, a malware strain that wrangles routers, security cameras and many other Internet-connected devices into botnets, is crashing the cryptocurrency party with a new variant that surreptitiously infects computers dedicated to mining digital coins.
According to Ars Technica, “a version of Satori that appeared on January 8 exploits one or more weaknesses in the Claymore Miner, researchers from China-based Netlab 360 said in a report published Wednesday. After gaining control of the coin-mining software, the malware replaces the wallet address the computer owner uses to collect newly minted currency with an address controlled by the attacker. From then on, the attacker receives all coins generated, and owners are none the wiser unless they take time to manually inspect their software configuration.”
Assuming the wallet address continues to generate coins at a computing rate of about 2,199 million per second, “the proceeds after a few months could be well worth the effort, assuming the massive cryptocoin sell-off—which has caused Ethereum’s value to drop by 42 percent in the past four days—doesn’t continue.”
Satori is a modified version of the Mirai botnet malware, which took control of IoT devices and caused the huge distributed denial-of-service attack that paralyzed large swaths of the Internet in 2016.
This is a clever attack. After gaining control of the coin-mining software, the bot replaces the victim's wallet address with one the attacker controls, so the computer keeps mining as before but every coin it produces is paid out to the attacker's address.
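The report quoted above says victims only notice the swap if they inspect their miner configuration by hand. The following added example (not code from the article, Netlab 360 or any miner project) automates that inspection: it pulls every Ethereum-style address out of the config text, flags any that is not on the owner's allowlist, and compares a SHA-256 fingerprint of the file against a baseline taken when the rig was set up. The config text, option names and wallet values are constructed for illustration.

```python
"""Detect a swapped payout address in a miner's configuration (added example)."""
import hashlib
import re

# Ethereum-style address: 0x followed by 40 hex digits, any letter case.
ETH_ADDRESS = re.compile(r"0x[0-9a-f]{40}", re.IGNORECASE)

# Constructed sample values; these are not real wallets.
OWNER_WALLET = "0x" + "11" * 20
OTHER_WALLET = "0x" + "ab" * 20  # stands in for an attacker-controlled address

# Constructed config modelled on a command-line-style miner config file;
# the option names are illustrative and not taken from any product.
CLEAN_CONFIG = (
    "-epool stratum+tcp://pool.example:4444\n"
    f"-ewal {OWNER_WALLET}\n"
    "-eworker rig01\n"
)
# Same config after a silent wallet swap; upper-cased to show the check is case-insensitive.
SWAPPED_CONFIG = CLEAN_CONFIG.replace(OWNER_WALLET, OTHER_WALLET.upper())


def extract_addresses(config_text: str) -> list[str]:
    """All Ethereum-style addresses in the text, lower-cased, in order of appearance."""
    return [m.group(0).lower() for m in ETH_ADDRESS.finditer(config_text)]


def find_unexpected_addresses(config_text: str, allowlist: set[str]) -> list[str]:
    """Addresses present in the config that are not on the owner's allowlist."""
    allowed = {a.lower() for a in allowlist}
    return sorted({a for a in extract_addresses(config_text) if a not in allowed})


def config_fingerprint(config_text: str) -> str:
    """SHA-256 of the config; record it at setup, compare on every check."""
    return hashlib.sha256(config_text.encode()).hexdigest()


def audit(config_text: str, allowlist: set[str], baseline_fingerprint: str) -> dict:
    """Combine both checks: the allowlist catches a wallet swap, the fingerprint
    catches any other edit (pool, worker name) that deserves a look."""
    unexpected = find_unexpected_addresses(config_text, allowlist)
    changed = config_fingerprint(config_text) != baseline_fingerprint
    return {"fingerprint_changed": changed, "unexpected_addresses": unexpected,
            "ok": not unexpected and not changed}


if __name__ == "__main__":
    baseline = config_fingerprint(CLEAN_CONFIG)
    print(audit(CLEAN_CONFIG, {OWNER_WALLET}, baseline))
    print(audit(SWAPPED_CONFIG, {OWNER_WALLET}, baseline))
```

Run it from a scheduled task against the real config file and alert when `ok` is false; the allowlist check alone is enough to catch the address swap described in the report.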
Pedro Tavares is an information security professional working as an Ethical Hacker/Pentester, Malware Researcher and Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.