Over half a million PCs infected as hackers go after cryptocurrency
Authored by a Symantec employee
What happens when cryptocurrency becomes one of the most desired forms of money? Everyone takes notice. That includes hackers. This time cybercriminals have set their eyes on Monero, a highly sought after, private and untraceable cryptocurrency.
Researchers from Proofpoint discovered a Monero mining botnet called Smominru (aka Ismo) that spreads using the EternalBlue exploit.1 This exploit, which was created by America's National Security Agency (NSA), was leaked by a hacking group called Shadow Brokers in April 2017. EternalBlue was responsible for the debilitating WannaCry ransomware attack that infected over 200,000 computers all over the world.
What is the Smominru botnet?
Smominru is a botnet that comprises over 526,000 Windows PC computers. It is known to deliver a variety of malware and Trojans to vulnerable devices, ultimately benefiting the operator by mining cryptocurrency. According to a recent report, Smominru has infected over half a million computers and could forcibly mine nearly 9,000 Monero tokens.2 At the time of writing, this amount could be worth somewhere between $2.8 to $3.6 million. According to Proofpoint, the 'hashpower,' or the speed at which mining operations unlock new units of cryptocurrency, is twice the size of other mining operations. This makes execution that much faster. Even though the bot was distributed all over the world, Russia, India and Taiwan were the most affected countries.
What precautions to take for the Smominru botnet
Just like it protected its customers from WannaCry Ransomware before it was distributed, Norton Security can help protect against Smominru. Update your Internet security suite and operating systems with the latest updates.
To check if your Norton product's definitions are up to date click here.
A security suite that helps protect your devices.
Free security software just doesn’t have the resources to keep up with new threats as they emerge. That’s why you need a multi-layered defense to security. Meet Norton Security Premium — protection for up to 5 of your devices.
1 Proofpoint, "Smominru Monero mining botnet making millions for operators," January 31, 2018.
2 The Hacker News, "Cryptocurrency mining malware infected over half-million PCs using NSA exploit," January 31, 2018.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.