Cybersecurity firm ESET has revealed that the operators of the Stantinko botnet have found a new way to profit from the network of computers they control. In a report published on Tuesday, The Slovak internet security company said that the cybercriminals behind the massive botnet have been using YouTube to install crypto-jacking malware on people’s computers.
Stantinko Botnet
The Stantinko botnet primarily targets users who are based in Russia, Belarus, Kazakhstan and Ukraine. It was first discovered in 2017, albeit it has already been operating in stealth mode in 2012.
Prior to distributing a crypto-mining module, the botnet engaged in click fraud, social media fraud, password theft and ad injection to generate income. Now, ESET revealed that the botnet has a new monetization strategy that involves remote mining of cryptocurrency using its victims computers.
Botnet Installs Crypto-jacking Malware That Mines Monero
In its report, ESET revealed that the Statinko botnet has been using the popular video sharing site to distribute a cryptocurrency mining module that mines the privacy coin Monero (XMR). The cryptocurrency-stealing malware has so far infected about 500,000 devices worldwide.
The botnet employs tactics similar to previous cryptojacking attacks that involve installing malware on an unsuspecting person’s computer or device to mine cryptocurrency remotely.
The malware steals the processing resources, as well as take over the legitimate system processes and hide the malicious activities on the infected devices, allowing the hackers to earn profits using the computer resources of their unwitting victims.
The malicious program works similar to Dexphot, another malware that Microsoft discovered, which has already infected over 80,000 computers.
ESET said that the Stantinko botnet is difficult to deal with because each of the crypto-mining module it installs is unique. The botnet is also notable for its ability to obfuscate itself to avoid analysis and detection.
“Stantinko’s cryptomining module, which exhausts most of the resources of the compromised machine by mining a cryptocurrency, is a highly modified version of the xmr-stak open-source cryptominer,” the report reads. “All unnecessary strings and even whole functionalities were removed in attempts to evade detection. “
YouTube Takes Down Channels
ESET has already informed YouTube about the threat in their system. The video-sharing platform responded by taking down all the channels found to have traces of the Stantinko code.
Read more at: https://coinspace.com/news/global/botnet-uses-youtube-distribute-malware-remotely-mines-monero-cryptocurrency
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://coinspace.com/news/global/botnet-uses-youtube-distribute-malware-remotely-mines-monero-cryptocurrency