Massive Botnet Turns Windows Machines into Miners

The Counterintelligence Team

The Counterintelligence Team

Share on facebook
Share on twitter
Share on linkedin

Researchers have discovered a massive botnet that has taken over half a million Windows devices and turned them into cryptocurrency miners. The botnet has been dubbed “Smominru” and is powered by the NSA exploit EternalBlue.

The botnet peaked at 526,000 nodes and can regenerate itself which makes this botnet very powerful. It has mined 8,900 Monero which is roughly $2.8M-$3.6M USD. It has also been seen that infected hosts have been conducting attacks using EternalBlue and its worm-like capabilities to infect new victims in order to increase its size.

It is worth noting that attacks also have been happening due to EsteemAudit, which is “an exploit that leverages vulnerabilities in RDP on Windows Server 2003 and Windows XP.”

Cyber-security researchers have been able to take down roughly a third of the botnets, however, the operators behind the botnets have been able to recover. Russia, India and Taiwan have the highest number of infected machines, however, it is unclear who is behind the Smominru attack.

More Articles

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.