Copy link
Increase text size
Decrease text size
Link copied

New Monero-mining cryptojacking botnet discovered

A new botnet that secretly mines Monero (XMR) cryptocurrency has been infecting systems since March this year.

Thu, 23 Jul 2020, 12:57 pm UTC

A new type of cryptocurrency-mining botnet has been silently spreading across networks in recent months has been recently discovered by researchers. The botnet was able to propagate by employing multiple methods, which include exploiting SMB vulnerabilities.

The new cryptojacking botnet was discovered by researchers at the Cisco Talos, according to ZDNet. The researchers added that the malware, which was named Prometei by the researchers, has been infecting networks since March this year.

The Prometei malware’s goal is to enslave as many systems as it can to increase the yield of its clandestine mining activities. According to BleedingCompeter, the cryptojacking botnet is programmed to specifically mine the Monero (XMR) cryptocurrency.

One characteristic that sets the Prometei malware apart is that it uses a modular system as well as a variety of techniques to infect target networks and hide its presence from users. It starts by attempting to compromise a computer’s Windows Server Message Block (SMB) protocol via the block’s vulnerabilities such as Eternal Blue.

The Prometei also has a module designed to steal passwords, a modified version of Mimikatz. Combined with brute-force methods, it will scan, store, and test stolen credentials. Passwords are also sent to the operator’s C2 server so they can be reused by “other modules that attempt to verify the validity of the passwords on other systems using SMB and RDP protocols.”

Another thing that sets Prometei apart from its cryptojacking malware peers is that it also features analysis evasion and anti-detection features. Its maker or makers configured it in such a way that later variants of the bot become more complex compared to their predecessors.

Later versions of the main module spread using various names making it difficult for researchers to detect. “In addition to making manual analysis more difficult, this anti-analysis technique also avoids detection in dynamic automated analysis systems,” Cisco Talos’ Vanja Svajcer wrote.

Researchers were able to detect a total of 15 executable modules from the Prometei botnet, which can be divided into two groups. Those involved in the actual cryptocurrency mining were coded using C++ while the rest, such as modules involved in the abuse of SMB, obfuscation, and credential theft, were based on .NET.

Researchers estimate that the number of infected systems worldwide is in the “low thousands” with average earnings per month at around $1,250. “Although earnings of $1,250 per month doesn't sound like a significant amount compared to some other cybercriminal operations, for a single developer in Eastern Europe, this provides more than the average monthly salary for many countries,” Talos said.

TokenPost | [email protected]

<Copyright © TokenPost. All Rights Reserved. >

To leave a comment, please sign in.
  • Moses
  • 2020.07.31 00:17:58
I am a cryptocurrency trader and i make over 200% daily, If you are interested,i can teach you how to trade and also help you achieve your goal in life with crypto i can turn
$4500 into $35000 in less then four weeks,now that bitcoin has low prices...please note that cryptocurrency trading is bitcoin unlike binary and Forex,bitcoin is traded for altcoins also you can reach to me if you are new to bitcoin and to give you more info and guideline on how to invest smartly, this is opportunity life time knocking on your door inbox me for more me on whatsapp :+12067425358
  • 0
  • ·
  • 0
  • Bitcoin (BTC) $36,642.50 (+1.08%)
  • Ethereum (ETH) $1,257.41 (+0.94%)
  • XRP (XRP) $0.224600 (+0.84%)
  • Cardano (ADA) $0.371500 (-3.70%)
  • Litecoin (LTC) $152.14 (+5.75%)
  • Bitcoin (BTC) $36,642.50 (+1.08%)
Feb 21, 2020 (Friday)
Paxos launches blockchain-based securities settlement solution with Credit Suisse and Instinet
Brazil to launch new payment system in response to cryptocurrencies
Digital currency exchange Coinbase Pro lists Kyber Network token
Norwegian Air to soon start accepting crypto payments
Swedish central bank begins CBDC pilot with Accenture
Italian soccer team Juventus launches ethereum-based digital collectibles with Sorare
Feb 20, 2020 (Thursday)
Telecom companies complete cross-carrier mobile payments using blockchain
National Stock Exchange of Australia to develop DLT-based digital securities trading platform
South Korean ICO project discontinued, to return $7.5M to token holders
Samsung maintains crypto support in soon-to-launch Galaxy S20
BIS appoints Innovation Hub heads to lead Singapore and Switzerland
Coinbase becomes first crypto company to receive Visa principal membership
Dubai Economy and six banks launch KYC Blockchain Consortium
Crypto Technicals: ETH/USD under downside pressure after 'Bearish Engulfing' pattern
Tim Draper buys $1M worth of Aragon Tokens to create digital courts for DAOs
Renewable energy firm Acciona commits to take CBI’s blockchain-based carbon credits trading platform global
Crypto Technicals: BTC/USD trades below 21-EMA, break below 4H 200 MA (9386) to trigger further downside
Crypto exchange Coinfloor to launch a simplified bitcoin buying service
Indonesia’s customs department joins IBM- Maersk blockchain shipping platform “TradeLens”
Feb 19, 2020 (Wednesday)
Crypto custodian BitGo acquires digital securities startup Harbor
Subscribe to the TokenPost newsletter!
Don't show me this again today.
Back to top
Copyright ⓒ TokenPost. All Rights Reserved.