New Mining Botnet Infects Over 500,000 Windows Machines
A botnet is now using the exploit that WannaCry used to turn more than half a million servers into mining drones for hackers.
As security experts try to find solutions to the growing phenomenon of cryptocurrency-related hacking incidents, a botnet has sprung out of nowhere and started gobbling up the resources of hundreds of thousands of computers around the world.
This behemoth is called Smominru, and it has infected over 500,000 Windows-based computer systems.
Presumably, the majority of these computers are corporate and government servers, giving it an uncanny resemblance to the WannaCry ransomware attack that hit hundreds of thousands of computers worldwide last year.
The resemblance stops there, however, as Smominru uses the infected machines' CPUs to mine Monero as opposed to locking up system files and asking for a ransom in cryptocurrency.
The virus itself seems to be using the same EternalBlue exploit that came to light after the NSA leaks last April.
It happens to be the same exploit that WannaCry used to infiltrate the networks of major organizations, including Britain’s National Health Service.
Servers are usually vulnerable to this exploit because it attacks the Windows Server Message Block (SMB) service on port 445.
According to cybersecurity experts at Proofpoint, the botnet could be making up to 24 Monero per day, which amounts to around $5,500 at the time of writing.
Talos, another security firm, studied botnets with millions of victims in the past.
“Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically,” a report by the company said.
Monero appears to be the coin of choice for hackers as we see more malware associated with it.
A recent report revealed that millions of computers in Thailand and around the world are currently mining Monero through malware without the knowledge of the victimized PC owners.
This situation is bound to worsen as anonymous cryptocurrencies offer hackers a way to cash out their gains.