Researchers Disclose Bot in Disguise Mining Crypto and Stealing User Data

News and Analysis

Threat intelligence research team Cisco Talos has discovered a cryptocurrency mining botnet attack dubbed Prometei. The main purpose of the actor is to deploy users’ computer systems to mine Monero (XMR). Another possible goal is to steal Bitcoin (BTC) wallets that might be protected by passwords stolen with open-source app Mimikatz.

Once installed and launched, the malware not only disguises itself as other programs to set up hidden mining operations but also allows the attacker to control the infected system and copy files. The analysts also identified attempts to steal administrator passwords. The report explains:

“The infection starts with the main botnet file which is copied from other infected systems by means of SMB, using passwords retrieved by a modified Mimikatz module and exploits such as Eternal Blue. The actor is also aware of the latest SMB vulnerabilities such as SMBGhost, but no evidence of using this exploit has been found.”

Prometei has been active since early March. The researchers noted that the earning potential of the botnet is relatively small as over the past four months it has managed to make just under $5,000, or $1,250 per month on average.

Cisco Talos believes that the botnet was created by a professional developer from Eastern Europe, although the attacker could not be identified.

Illegal crypto miners are on the rise

As reported in May, the first quarter of last year saw the emergence of new families of cryptojacking—a scheme to illegally use users’ devices to mine cryptocurrencies—targeting Windows and Apple devices.

Per the McAfee Labs Threats Report report released in August 2019, the volume of cryptojacking campaigns targeting victims’ computers to mine cryptocurrencies continued to grow and increased by 29%, by that time.

As reported by Check Point Software Technologies, 2019 saw 38% of companies worldwide impacted by illegal cryptocurrency miners because their use remains a low-risk and high-reward activity for criminals.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter


Related posts

Tags: , ,