Security researchers from Proofpoint (cybersecurity firm) have discovered that over 500 thousand Windows machines have been infected with Cryptomining malware called Smominru.
Smominru creators used several methods to infect computers. They used vulnerabilities such as EternalBlue (CVE-2017-0144) exploit and EsteemAudit (CVE-2017-0176) exploit to take over computers running unpatched Windows operating systems.
According to the researchers:
“Since the end of May 2017, we have been monitoring a Monero miner that spreads using the EternalBlue Exploit (CVE-2017-0144). The miner itself, known as Smominru”
Smominru botnet creators have now mined around 8,900 Monero, estimated at up to $3.6 million, at the rate of roughly 24 Monero per day ($8,500) by stealing computing resources of millions of Windows machines.
Proofpoint researchers said that the operators have used at least 25 computers to scan the internet to discover vulnerable Windows machines.
“As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators,”
Users are recommended to keep their computers and software updated to evade the infection of any malware.