Authored by a Symantec employee
What happens when cryptocurrency becomes one of the most desired forms of money? Everyone takes notice. That includes hackers. This time cybercriminals have set their eyes on Monero, a highly sought after, private and untraceable cryptocurrency.
Researchers from Proofpoint discovered a Monero mining botnet called Smominru (aka Ismo) that spreads using the EternalBlue exploit.1 This exploit, which was created by America's National Security Agency (NSA), was leaked by a hacking group called Shadow Brokers in April 2017. EternalBlue was responsible for the debilitating WannaCry ransomware attack that infected over 200,000 computers all over the world.
What is the Smominru botnet?
Smominru is a botnet that comprises over 526,000 Windows PC computers. It is known to deliver a variety of malware and Trojans to vulnerable devices, ultimately benefiting the operator by mining cryptocurrency. According to a recent report, Smominru has infected over half a million computers and could forcibly mine nearly 9,000 Monero tokens.2 At the time of writing, this amount could be worth somewhere between $2.8 to $3.6 million. According to Proofpoint, the 'hashpower,' or the speed at which mining operations unlock new units of cryptocurrency, is twice the size of other mining operations. This makes execution that much faster. Even though the bot was distributed all over the world, Russia, India and Taiwan were the most affected countries.
What precautions to take for the Smominru botnet
Just like it protected its customers from WannaCry Ransomware before it was distributed, Norton Security can help protect against Smominru. Update your Internet security suite and operating systems with the latest updates.
To check if your Norton product's definitions are up to date click here.
1 Proofpoint, "Smominru Monero mining botnet making millions for operators," January 31, 2018.
2 The Hacker News, "Cryptocurrency mining malware infected over half-million PCs using NSA exploit," January 31, 2018.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone