7 Cryptominers & Cryptomining Botnets You Can't Ignore

LASER_oneXM · Thread author · Feb 4, 2016
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.

Coinhive

Coinhive is a cryptocurrency miner deployed on thousands of websites around the world, some with the knowledge and permission of the site owners, but often without it. It is a piece of JavaScript that mines the Monero cryptocurrency by hijacking the CPU of each visitor's browser, usually without the visitor being told.

Coinhive by itself is not malicious. Coinhive.com has been offering the miner to website owners so they can run it in the browsers of visitors to their sites and earn some Monero in return for giving those visitors an ad-free experience. But multiple security vendors have begun blocking Coinhive because many site owners run the miner without informing users about it.

Cybercriminals, too, have been indiscriminately embedding the miner on thousands of websites without the knowledge of the site owners. Check Point Software Technologies estimated that in January 2018 a staggering 23% of organizations worldwide were impacted by Coinhive.

Coinhive's in-browser JavaScript mining code was also secretly loaded into 19 Android apps sold on the Google Play store. One of them was installed on 100,000 to 500,000 devices, says Taylor Armerding, senior security strategist at Synopsys.
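The practical check a site owner or defender wants here is whether a given page is carrying the Coinhive embed. The following is an added example, not code from the article and not Coinhive's own code: it scans fetched HTML for the public Coinhive embed pattern (the loader script served from coinhive.com/lib, a `new CoinHive.Anonymous(siteKey)` constructor, and a `miner.start()` call) and pulls out the site key, which identifies the account being paid. The indicator regexes are written from memory of Coinhive's public embed instructions, so treat them as assumptions to tune against real captures; the sample pages and the site key in them are constructed placeholders.

```javascript
// Added example, not code from the article or from Coinhive: scan a page's
// HTML for the public Coinhive embed pattern. The regexes are written from
// memory of Coinhive's embed instructions (loader under coinhive.com/lib,
// `new CoinHive.Anonymous(siteKey)`, `miner.start()`) and are assumptions
// to tune against real captures.

const MINER_INDICATORS = [
  // Hosted loader script, with or without the .min suffix. Strong signal.
  { name: "coinhive-loader", strong: true,
    re: /coinhive\.com\/lib\/coinhive(?:\.min)?\.js/i },
  // Coinhive's later opt-in variant served from authedmine.com. Strong signal.
  { name: "authedmine-loader", strong: true,
    re: /authedmine\.com\/lib\//i },
  // Miner object construction with a site key. Strong signal.
  { name: "miner-constructor", strong: true,
    re: /new\s+CoinHive\.(?:Anonymous|User)\s*\(/ },
  // A bare .start( call is too generic on its own (any media player has one),
  // so it is recorded but only counts together with a strong indicator.
  { name: "miner-start", strong: false, re: /\.start\s*\(/ },
];

// Captures the site key passed to the constructor: it identifies the account
// being paid and is the pivot for finding other pages run by the same operator.
const SITE_KEY_RE = /new\s+CoinHive\.(?:Anonymous|User)\s*\(\s*['"]([^'"]+)['"]/g;

function scanForMiner(html) {
  const indicators = MINER_INDICATORS.filter((i) => i.re.test(html));
  const siteKeys = [];
  for (const m of html.matchAll(SITE_KEY_RE)) siteKeys.push(m[1]);
  return {
    found: indicators.some((i) => i.strong),
    indicators: indicators.map((i) => i.name),
    siteKeys,
  };
}

// Constructed sample pages; the site key is a placeholder, not a real one.
const SAMPLE_INFECTED = `<html><head><title>Free downloads</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY_0000');
  miner.start();
</script></head><body><p>Enjoy the ad-free site.</p></body></html>`;

const SAMPLE_CLEAN = `<html><head><script src="/static/app.js"></script>
<script>var player = new VideoPlayer(); player.start();</script>
</head><body><p>Nothing to see here.</p></body></html>`;

console.log(JSON.stringify(scanForMiner(SAMPLE_INFECTED)));
console.log(JSON.stringify(scanForMiner(SAMPLE_CLEAN)));
```

The clean sample still trips the weak `.start(` indicator, which is why the scanner only reports `found` when a loader URL or the miner constructor is present; on its own a generic call name is noise. Run this over the HTML your crawler or proxy already stores, and feed any recovered site keys into the same scan to group pages by operator.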


Smominru

The Smominru Monero mining botnet comprises more than 520,000 Windows hosts, most of them servers. Its operators have been using the NSA's leaked EternalBlue exploit to infect systems worldwide with the Smominru miner and add them to the botnet, according to security vendor Proofpoint, which first discovered it.
...

WannaMine

WannaMine, discovered by Panda Security in October, is another of the many Monero miners. Panda has described it as particularly troubling because of how aggressively it tries to max out the processor and RAM of infected systems.

CrowdStrike has described it as designed to propagate effectively within corporate networks: it uses the Mimikatz credential harvester to acquire credentials for moving laterally, and if that fails, it tries to spread to other systems using the NSA's EternalBlue exploit.
...