Huge NSA-exploit born botnet turns to mining cryptocurrency

By

Feb 5th


botnet map

Cyber hackers are coming up with more and more cryptocurrency mining malware and someone has spread their malware using the EternalBlue exploit which was developed by the infamous NSA (this is the same exploit method used to spread the WannaCry ransomware attack that occurred months ago). Over half a million Windows computers have now been forced to mine the virtual currency and is probably going to end up being very profitable for the cyber criminal.

It’s almost as if that majority of people benefiting from this cryptocurrency bubble is the bad guys. What a surprise that must be to those cryptocrazies out there!

Proofpoint, a global cybersecurity firm – had their researchers point out that a huge, massive, world-wide botnet named “Smominru” is using the NSA born exploit to infect Windows based devices and mine away at monero cryptocurrency (valued at about $250 a coin) for the cybercriminal.

These cybercriminals are using a number of machines to scan through a list of other machines to search for vulnerable devices that can be exploited with the EternalBlue exploit. Over 526,000 Windows computers which are all probably using the unpatched versions of Windows have kind of put themselves in this spot by not taking the precaution to updated to the patched versions available.

The cybercriminals have now mined at least 9,000 monero coins by using the stolen computing power from all these hijacked devices. Some researchers went on record to say that “Based on the hash power associated with the monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz”. Adylkuzz was a network of hijacked devices that were infected with a Remote Administration Tool that came after the historic WannaCry attack. The number of Smominru infections are highest in Russia, India and Taiwan – according to statements by experts on the subject.

“As bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in monero has increased dramatically. While monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators” is what experts went on to further say.

They also added that the cybercriminal behind the job were: “persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations”. It appears that an agency may have already attempted to use a lucrative honeypot to gain access and shutdown the botnet but attempts may have failed valiantly.

The absolute huge profits that could be made from this botnet will only cause this to continue, quoting the researchers saying “given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure.” These same cyber hackers usually use some other form of cryptojacking as well such as using miners made in JavaScript to use website visitors’ computing power to mine craptocurrencies for them. With the rise of hacking events like this on the rise, it’ll be hard to see botnets of these kinds of numbers NOT appearing in the future.

Leave a Reply

 
© 2006-2018 Security magazine.