For the last couple of years, we have seen a number of major cyber attacks, including malware and ransomware attacks. The victims have mostly been traditional financial organizations. Since the beginning of the current year, we have noticed a rapid change in the cyber threat landscape.
As cryptocurrency becomes more and more popular day by day, it is getting attention from everybody, including hackers. As a result, cryptocurrency-related malware is becoming a popular and profitable choice for cyber criminals.
Researchers from Proofpoint discovered a massive global Monero-mining botnet dubbed “Smominru” (a.k.a. Ismo). It used the EternalBlue SMB exploit (CVE-2017-0144) to infect more than 600,000 Windows computers and secretly mine Monero cryptocurrency, worth millions of dollars, for its master. This exploit, which was created by America’s National Security Agency (NSA), was leaked by a hacking group called Shadow Brokers in April 2017.
The criminals operating the botnet have already mined more than 9,000 Monero, valued at up to $3.7 million, at a rate of roughly 24 Monero per day ($8,500), by stealing the computing resources of millions of systems.
CrowdStrike, a security company, recently reported another widespread piece of fileless cryptocurrency malware, dubbed WannaMine, which uses the EternalBlue exploit to infect computers and mine Monero cryptocurrency.
Because a WannaMine infection doesn’t involve downloading any application, it is harder for traditional antivirus programs to detect. CrowdStrike researchers observed that the malware has rendered “some companies unable to operate for days and weeks at a time.”
Caution is the key to defending against this sort of attack.