HackRead

New Monero mining malware infected 500K PCs by using 2 NSA exploits

February 2nd, 2018 | Waqas | Malware, Security

Another day, another Monero mining malware: this one spreads with two leaked NSA exploits and has so far mined over 8,900 Monero.

Cryptocurrency mining malware is now arriving almost daily, each new strain hijacking unsuspecting users' computing power to mine coins for its operators. The latest find comes from IT security researchers at Proofpoint, who have discovered a Monero mining malware that spreads using EternalBlue, the leaked NSA (National Security Agency) exploit for the SMBv1 vulnerability that Microsoft patched as MS17-010 in March 2017.

NSA’s leaked EternalBlue exploit in action

Dubbed Smominru by the researchers, this sophisticated malware has infected some 526,000 Windows-based computers since May 2017 and is capable of mining around 24 Monero (XMR) per day, worth about $5,657 at the time of writing. So far the botnet has generated roughly 8,900 Monero, around $2 million, with most of the infected machines located in India, Russia, and Taiwan.

Smominru stats and payments on the MineXMR mining pool (Credit: Proofpoint).

“Based on the hash power associated with the Monero payment address for this operation, it appeared that this botnet was likely twice the size of Adylkuzz,” researchers wrote in their blog post.

Adylkuzz is another cryptocurrency mining malware, discovered in the wake of the WannaCry attack. Like Smominru, it uses EternalBlue to compromise Windows machines and puts them to work mining Monero.

EternalBlue was published by the Shadow Brokers group, which claimed to have stolen it from the NSA. Microsoft had already fixed the underlying SMBv1 flaw as MS17-010 in March 2017, yet a month after the leak the exploit was used to spread the WannaCry ransomware, which hit over 200,000 victims and more than 300,000 computers around the world. Smominru's 526,000 infections show how many unpatched, exposed SMBv1 hosts remained even after WannaCry.

Smominru also uses NSA’s EsteemAudit exploit

According to the researchers, the attackers also use a second NSA exploit, EsteemAudit, to spread Smominru. EsteemAudit targets the smart-card authentication component of Remote Desktop (RDP) on Windows XP and Windows Server 2003 (CVE-2017-0176); Microsoft shipped a fix for those out-of-support systems in June 2017, so any machine still vulnerable is both unpatched and end-of-life. EsteemAudit was part of the same Shadow Brokers dump in April 2017, which NSA whistleblower Edward Snowden described as "The mother of all exploits."

Smominru's command and control (C&C) infrastructure is hosted with SharkTech, a DDoS-protection and hosting provider in Las Vegas, NV. Proofpoint informed SharkTech of the ongoing criminal activity on its network but received no reply from the company.

“As bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators,” said Proofpoint researchers.

“The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations,” researchers added.
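Detection is the practical takeaway from this description. A worm spreading over SMB and RDP shows up in network logs as one internal host suddenly contacting many neighbours on TCP 445 or 3389, and a miner shows up as outbound connections to a pool. The following Python script is an added example written for this article, not code from Proofpoint or HackRead. It assumes a simple comma-separated connection log (timestamp, source, destination, destination port, action), a threshold of 20 distinct targets within five minutes, and a list of common Stratum pool ports; all three are assumptions to adjust for your own environment, and the log inside the script is constructed for the demo.

```python
"""Flag worm-style SMB/RDP fan-out and mining-pool traffic in connection logs."""
from collections import defaultdict
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%S"

# Ports used by the two exploits the article names: EternalBlue attacks SMBv1
# on TCP 445, EsteemAudit attacks RDP on TCP 3389.
EXPLOIT_PORTS = {445: "SMB (EternalBlue / MS17-010)", 3389: "RDP (EsteemAudit)"}

# ASSUMPTION: typical Stratum mining-pool ports. The article names no ports, so
# tune this list from your own threat intel rather than treating it as fact.
POOL_PORTS = {3333, 5555, 7777, 14444}

FANOUT_THRESHOLD = 20          # distinct targets on one exploit port ...
WINDOW = timedelta(minutes=5)  # ... seen from one source inside this window


def parse_line(line):
    """Parse 'timestamp,src,dst,dport,action' into a dict; None for junk."""
    parts = line.strip().split(",")
    if len(parts) != 5:
        return None
    ts, src, dst, dport, action = parts
    try:
        return {"ts": datetime.strptime(ts, TS_FMT), "src": src, "dst": dst,
                "dport": int(dport), "action": action}
    except ValueError:
        return None


def detect_fanout(events):
    """Map (src, port) -> peak distinct-destination count for sources that
    touch FANOUT_THRESHOLD or more hosts on an exploit port inside WINDOW.
    Repeated traffic to a single server never trips this; only a sweep does."""
    by_key = defaultdict(list)
    for e in events:
        if e["dport"] in EXPLOIT_PORTS:
            by_key[(e["src"], e["dport"])].append((e["ts"], e["dst"]))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:  # slide the window
                start += 1
            distinct = {dst for _, dst in hits[start:end + 1]}
            if len(distinct) >= FANOUT_THRESHOLD:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts


def detect_pool_traffic(events):
    """Sorted (src, dst, dport) triples for allowed connections to POOL_PORTS."""
    return sorted({(e["src"], e["dst"], e["dport"]) for e in events
                   if e["dport"] in POOL_PORTS and e["action"] == "allow"})


def analyse(lines):
    events = [e for e in map(parse_line, lines) if e is not None]
    return {"fanout": detect_fanout(events), "pool": detect_pool_traffic(events)}


def sample_log():
    """CONSTRUCTED firewall log for the demo; not real Smominru telemetry."""
    base = datetime(2018, 2, 1, 9, 0, 0)

    def stamp(secs):
        return (base + timedelta(seconds=secs)).strftime(TS_FMT)

    lines = []
    # Infected host 10.0.0.5 sweeps 30 neighbours on TCP 445, 4 s apart.
    for i in range(30):
        lines.append(f"{stamp(4 * i)},10.0.0.5,10.0.0.{10 + i},445,deny")
    # Same host probes five RDP targets: suspicious, but below the threshold.
    for i in range(5):
        lines.append(f"{stamp(200 + i)},10.0.0.5,10.0.0.{50 + i},3389,deny")
    # Benign workstation hammering one file server: many hits, one target.
    for i in range(40):
        lines.append(f"{stamp(3 * i)},10.0.0.7,10.0.0.2,445,allow")
    # Infected host checks in with a mining pool on an assumed Stratum port.
    lines.append(f"{stamp(180)},10.0.0.5,203.0.113.10,3333,allow")
    lines.append("this line is malformed and must be skipped")
    return lines


if __name__ == "__main__":
    result = analyse(sample_log())
    for (src, port), n in result["fanout"].items():
        print(f"ALERT fan-out: {src} hit {n} hosts on {EXPLOIT_PORTS[port]}")
    for src, dst, port in result["pool"]:
        print(f"ALERT pool traffic: {src} -> {dst}:{port}")
```

Run as-is, the constructed sweep from 10.0.0.5 is flagged while the workstation that hits a single file server 40 times is not. A source sweeping many hosts on 445 or 3389 is the first thing to isolate and check for MS17-010 and CVE-2017-0176 exposure, and a host found talking to a pool should be isolated and investigated rather than merely blocked, since, as the researchers note, the operators recover from sinkholing.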

As HackRead previously reported, the easiest way to generate Monero in a browser is the JavaScript miner offered by Coinhive, but attackers have repeatedly abused that code for cryptojacking. Just a week ago, YouTube ads were found mining Monero with visitors' CPU (central processing unit) power.

Attackers have also exploited Oracle WebLogic vulnerabilities to mine $266,000 worth of Monero, and BlackBerry's mobile website was hacked to serve a Monero miner. These incidents show how eager the cybercriminal community is to make easy money; users should remain vigilant and avoid downloading files from third-party websites.

How To Block Cryptocurrency Mining

There are several ways to stop cryptocurrency miners from using your browser and CPU power. minerBlock and No Coin are Chrome Web Store extensions built for the sole purpose of blocking in-browser mining and cryptojacking scripts; both are open source, so anyone can review their code on GitHub. Note that these extensions only address browser-based miners. A worm like Smominru never touches the browser, and the defence against it is to install the MS17-010 update, disable SMBv1, retire or patch Windows XP and Server 2003 hosts, and keep SMB (TCP 445) and RDP (TCP 3389) unreachable from the internet.

Opera Browser

Opera 50 is another line of defence against in-browser mining: it blocks websites from hijacking the browser to mine cryptocurrency, and Opera's Android and iOS apps carry the same anti-mining protection so that malicious pages cannot hijack a mobile device for mining.

Related: Russian Hacker Exploits GTA 5 PC Mod to Install Cryptocurrency Miner

Tags: Bitcoin, Cryptocurrency, Cryptojacking, Cyber Crime, hacking, Malware, Monero, NSA, security, Shadow Brokers, WannaCry
Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.
