A New Cryptomining Botnet Called Smominru Infected Over 500 Thousand Windows Machines


Security researchers from the cybersecurity firm Proofpoint have discovered that over 500 thousand Windows machines have been infected with cryptomining malware called Smominru.

Smominru's creators used several methods to infect computers. They used exploits such as EternalBlue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) to take over computers running unpatched Windows operating systems.

According to the researchers:
“Since the end of May 2017, we have been monitoring a Monero miner that spreads using the EternalBlue Exploit (CVE-2017-0144). The miner itself, known as Smominru”

The Smominru botnet's creators have now mined around 8,900 Monero, estimated at up to $3.6 million, at a rate of roughly 24 Monero per day ($8,500), by stealing the computing resources of millions of Windows machines.

Proofpoint researchers said that the operators have used at least 25 computers to scan the internet to discover vulnerable Windows machines.

“As Bitcoin has become prohibitively resource-intensive to mine outside of dedicated mining farms, interest in Monero has increased dramatically. While Monero can no longer be mined effectively on desktop computers, a distributed botnet like that described here can prove quite lucrative for its operators,”

Users are advised to keep their computers and software updated to avoid malware infection.


Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.
