Botnet for mining Monero has infected more than half a million servers - BitLex - Crypto News Updates




A botnet called Smominru has, since its launch in May 2017, infected more than 526,000 Windows servers and mined 8,900 Monero (equivalent to $2 million at the time of publication), ZDNet reports.



Monero cryptocurrency values (top) and relative values of major cryptocurrencies, including Bitcoin, over the past year (bottom)

The botnet uses a Windows exploit called Eternal Blue, which was developed by the US National Security Agency and leaked by the hacker group Shadow Brokers last year. Eternal Blue was previously used in the WannaCry attack along with another NSA exploit, Double Pulsar.


Smominru Stats and Payments on the MineXMR mining pool

ZDNet notes that Windows servers, the botnet's main victims, are ideal hosts: they are always on, and their computing power is higher than that of personal computers. Most of the affected machines are located in Russia, India and Taiwan, although the attack spans the globe.


Geographic distribution of Smominru nodes

Concentration of Smominru nodes worldwide

Smominru adapting to the sinkholing and returning to two thirds of its hash rate with a new Monero mining address

Smominru statistics and payments associated with their new mining address

Attempts to limit the botnet had only short-term success. Cybersecurity experts from Proofpoint, abuse.ch and the ShadowServer Foundation tried to destroy it using a technique called sinkholing, but Smominru quickly recovered.

Last year the aforementioned Double Pulsar exploit was used to covertly install malicious Monero miners. The cryptocurrency is often associated with illegal activity because its transactions have a high level of anonymity.

Recall that the hidden web miner CoinHive was recently discovered built into some of Google’s ads on YouTube.

Conclusion

Cryptocurrencies have been used by cybercriminals for years in underground markets, but in the last year, we have observed standalone coin miners and coin mining modules in existing malware proliferate rapidly. As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators.


Because most of the nodes in this botnet appear to be Windows servers, the performance impact on potentially critical business infrastructure may be high, as can the cost of increased energy usage by servers running much closer to capacity. The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes. We also expect botnets like that described here to become more common and to continue growing in size.