Smominru Cryptominer Scrapes Credentials for Half-Million Machines

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
A commodity cryptomining botnet campaign that has infected a half-million computers is now tapping a lucrative secondary moneymaking opportunity in selling access to victim machines, according to researchers.

An analysis of the known Smominru cryptomining campaign, which uses a modified version of XMRig to perform Monero mining, has uncovered an evolution in tools to include RATs, the Mimikatz credential-scraper and an EternalBlue exploit for propagation. This has all coalesced into a multistage campaign involving profiling and selling victim and network access, according to Carbon Black’s Threat Analysis Unit (CB TAU).

“[Our hypothesis is] that these systems were being profiled for the purpose of selling access to buyers interested in that type of machine, especially any machine that happens to be located within a particular company of interest,” CB TAU researchers said in their report, published Wednesday. “Furthermore, based on the evidence uncovered, this campaign has been actively underway for the past two years, infecting systems en masse and actively spreading by way of EternalBlue.”
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043

All right! Bot mafia turf wars. I love it. Hope someone makes a TV series based on this. (y)(y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top