Mining

Warning over powerful Smominru crypto mining botnet

Cybersecurity experts have warned a powerful botnet that mines crypto on victims’ networks is spreading quickly.

The Smominru botnet, and variants Hexmen and Mykings, infects hardware and steals its victims’ credentials before installing a Trojan module and a cryptominer which propagates inside the network.

During August, the Smominru botnet infected 90,000 machines around the world, with an infection rate of 4,700 machines per day. Countries with several thousands of infected machines include China, Taiwan, Russia, Brazil, and the US.

As the attacks were untargeted and did not discriminate against industries or targets, the malware reached victims in various sectors. The largest network belongs to a healthcare provider in Italy with a total of 65 infected hosts.

Chillingly, the virus is so sophisticated that many machines were reinfected even after removing Smominru, according to a report by cybersecurity group Guardicore.

Authors Ophir Harpaz and Daniel Goldberg wrote: “When discussing worms, there are no interesting and uninteresting targets – every vulnerable server is under attack.

“Once it gains a foothold, Smominru attempts to move laterally and infect as many machines as possible inside the organisation. Within one month, more than 4,900 networks were infected by the worm. Many of these networks had dozens of internal machines infected.”

A Smominru infection rate map. The darker the blue, the more infections

The report added: “This suggests that these systems remain unpatched, and therefore vulnerable to this botnet or other similar attackers.

“Since patching is often complicated in large data centers, it is highly important to use additional security controls, such as applying network segmentation and minimising the number of internet-facing servers.”

The infected machines are primarily small servers with 1-4 CPU cores, but there were also some larger servers. One infected machine was running on a 32-core server.

“Unfortunately, this demonstrates that while many companies spend money on expensive hardware, they are not taking basic security measures, such as patching their running operating system,” the report added.

 

Sam Webb

Sam has nearly two decades of reporting experience and has previously worked for The Mail, The Sun, The Mirror, The Daily Star and numerous trade publications. As a freelancer, he has had stories picked up by media outlets throughout the world including Fox News, The Times and News.com.au. He focuses on foreign news and is keenly interested in how crypto is used by criminals and terrorists.

Disqus Comments Loading...

Recent Posts

Here is why Bitcoin is still a lucrative investment in 2024

Those who enter the market at this time may be surprised to hear that Bitcoin…

2 days ago

Zircuit Launches ZRC Token: Pioneering the Next Era of Decentralized Finance

George Town, Grand Cayman, 22nd November 2024, Chainwire

3 days ago

The surge of Bitcoin NFTs: Everything you should know about Bitcoin ordinals

From digital art to real-estate assets, NFTs have become a significant attraction for investors who…

1 month ago

MEXC Partners with Aptos to Launch Events Featuring a 1.5 Million USDT Prize Pool

Singapore, Singapore, 21st October 2024, Chainwire

1 month ago