Cryptocurrencies

Stantinko botnet mines Monero using YouTube

The crooks behind the Stantinko botnet are mining Monero using YouTube, it has been reported.

Researchers from IT security firm ESET discovered the criminals are distributing a Monero-mining module ­– CoinMiner.Stantinko – to the computers they control.

The operators of the Stantinko botnet, who control roughly half a million computers and have been active since at least 2012, mainly target users in Russia, Ukraine, Belarus, and Kazakhstan – but now they have expanded into a new business model.

To hide its communication, the module doesn’t communicate with its mining pool directly, but via proxies whose IP addresses are acquired from the description text of YouTube videos.

ESET says it informed YouTube of this abuse and all the channels with these videos were taken down.

Vladislav Hrčka, the ESET malware analyst who conducted the research, said: “After years of relying on click fraud, ad injection, social network fraud, and credential stealing, Stantinko has started to mine Monero.

“Since at least August 2018, its operators have been distributing a cryptomining module to the computers they control.

This module’s most notable feature is the way it is obfuscated to thwart analysis and avoid detection.

“Due to the use of source-level obfuscations with a grain of randomness, and the fact that Stantinko’s operators compile this module for each new victim, each sample of the module is unique,” added Hrčka.

CoinMiner.Stantinko employs some interesting tricks to avoid detection, ESET claims.

To prevent raising the suspicion of victims, CoinMiner.Stantinko suspends the cryptomining function if the PC is on battery power or when a task manager is detected.

It also checks to see if other cryptomining applications are running on the computer and eventually suspends them. CoinMiner.Stantinko also scans running processes to find security software.

“While CoinMiner.Stantinko is far from being the most dangerous malware out there, it’s annoying, to say the least, to have the computer busy making money for criminals,” Hrčka said.

“More alarming should be the fact that at any point of time, Stantinko could serve the victims’ computers with any other – possibly damaging – malware.”

Sam Webb

Sam has nearly two decades of reporting experience and has previously worked for The Mail, The Sun, The Mirror, The Daily Star and numerous trade publications. As a freelancer, he has had stories picked up by media outlets throughout the world including Fox News, The Times and News.com.au. He focuses on foreign news and is keenly interested in how crypto is used by criminals and terrorists.

Disqus Comments Loading...

Recent Posts

Zircuit Launches ZRC Token: Pioneering the Next Era of Decentralized Finance

George Town, Grand Cayman, 22nd November 2024, Chainwire

5 hours ago

The surge of Bitcoin NFTs: Everything you should know about Bitcoin ordinals

From digital art to real-estate assets, NFTs have become a significant attraction for investors who…

4 weeks ago

MEXC Partners with Aptos to Launch Events Featuring a 1.5 Million USDT Prize Pool

Singapore, Singapore, 21st October 2024, Chainwire

1 month ago