More than 526,000 Windows machines have been infected by botnet malware known as Smominru, which causes the infected devices to mine Monero without their owners’ knowledge.
The botnet uses EternalBlue, a National Security Agency (NSA) exploit, to distribute the malware.
“As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators,” said researchers from security company Proofpoint.
“The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes.”
Most infected devices have been found in Taiwan, India, and Russia.
The EternalBlue NSA exploit was also used in WannaCry, the widespread 2017 ransomware attack, which encrypted user data and demanded ransom payments in Bitcoin.
The botnet has managed to mine approximately 8,900 Monero, worth around $2.25 million at press time.