Researchers Disclose Bot in Disguise Mining Crypto and Stealing User Data
Threat intelligence research team Cisco Talos has discovered a cryptocurrency mining botnet attack dubbed Prometei. The main purpose of the actor is to deploy users’ computer systems to mine Monero (XMR). Another possible goal is to steal Bitcoin (BTC) wallets that might be protected by passwords stolen with open-source app Mimikatz.
Once installed and launched, the malware not only disguises itself as other programs to set up hidden mining operations but also allows the attacker to control the infected system and copy files. The analysts also identified attempts to steal administrator passwords. The report explains:
“The infection starts with the main botnet file which is copied from other infected systems by means of SMB, using passwords retrieved by a modified Mimikatz module and exploits such as Eternal Blue. The actor is also aware of the latest SMB vulnerabilities such as SMBGhost, but no evidence of using this exploit has been found.”
Prometei has been active since early March. The researchers noted that the earning potential of the botnet is relatively small as over the past four months it has managed to make just under $5,000, or $1,250 per month on average.
Cisco Talos believes that the botnet was created by a professional developer from Eastern Europe, although the attacker could not be identified.
Illegal crypto miners are on the rise
As forklog.media reported in May, the first quarter of last year saw the emergence of new families of cryptojacking—a scheme to illegally use users’ devices to mine cryptocurrencies—targeting Windows and Apple devices.
Per the McAfee Labs Threats Report report released in August 2019, the volume of cryptojacking campaigns targeting victims’ computers to mine cryptocurrencies continued to grow and increased by 29%, by that time.
As reported by Check Point Software Technologies, 2019 saw 38% of companies worldwide impacted by illegal cryptocurrency miners because their use remains a low-risk and high-reward activity for criminals.
Subscribe to our Newsletter<
- Banking Trojan Mekotio Now Targets Cryptocurrencies
- Messenger App Steals User Data and Hacks Their Devices, ESET Research
- Hacker Group Targeting Fintech Companies and Personal Data Has Been Under Radar For Years, NOD32 Developer Finds
- Stalkerware Usage in on the Rise as Domestic Violence Rates Surge During Lockdown
- Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
- Malware App Fakes Postal Service to Steal User Personal Data and Manipulate SMS Messages
- FBI Names Six U.S. States Most Vulnerable to Online Attacks
- Amnesty Tech Exec: NSO Group’s Malicious Spyware Is Enabling State-Sponsored Repression of Human Rights Defenders