Major Botnet Resurfaces to Pounce on Claymore Mining Rigs

Nothing says “Welcome to 2018” like an enormous botnet that attacks Ethereum mining rigs and turns them into drones pandering to the hackers’ every whim.

After being swiftly shut down by the Internet security community, the Satori botnet has staged a comeback.

But this time, instead of attacking IoT devices like its predecessor, the new version attacks systems using the Claymore cryptocurrency miner.

The Satori malware changes the configuration on the miner so that it sends mined Ethereum to the hacker’s address.

It also drops a message, deceptively reassuring the owner of the mining system that everything is fine:

“Satori dev here, don’t be alarmed about this bot it does not currently have any malicious packeting purposes move along. I can be contacted at [email protected].”

This is yet another case that points to the growing sophistication of attacks in the cryptocurrency world.

It also justifies predictions made last month by people like Lee Chen, the CEO of A10 Networks.

“I think the digital transformation is the underlying motivation for hackers… So, expect the frequency, the size, the volume of hacks to continue to increase in 2018,” he said.

Just over a week ago, a security researcher found 291 fake Android apps that mine Monero on compromised phones. Among the apps the researcher, Alderson, discovered, 287 lead to the same CoinHive key, meaning this is the work of a single actor.

We’ve gone from lazy “script kiddie” style hacking to full-blown botnets made with psyops-style messages.

Even governments are getting into the game to circumvent sanctions. North Korea was blamed for the WannaCry ransomware attack that affected hundreds of thousands of computers worldwide.

The country is also suspected of infiltrating South Korean servers to get its hands on Monero.

It really wouldn’t be a surprise to see 2018 become the year that hackers subvert the cryptocurrency world.