Around 500,000 infected machines are being used to mine cryptocurrency without their owners' knowledge.
The criminal group behind the "Stantinko" botnet, one of the largest in the world, had already attracted attention through credential theft, fraud and the manipulation of advertising banners. Researchers at the security vendor ESET have now discovered a new business model for the botnet's operators: cryptomining on more than 500,000 computers. To keep the operation undetected, they disguise the malware on the infected machines: if the user opens the Task Manager, or if the device switches to battery power, Stantinko's coinminer suspends itself and stays out of sight.
To conceal its command-and-control communication, the malware routes traffic through proxies whose IP addresses it obtains from the description text of YouTube videos. The technique is effective because traffic to the video platform is unremarkable on almost any network and does not stand out. YouTube was notified and has removed the videos.
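The mechanism described above is a classic dead-drop resolver: the bot fetches a harmless-looking public page and parses the proxy address out of it. The following Python is an added example written for this article, not code from ESET or from the Stantinko malware. The article does not say how the addresses are encoded in the descriptions, so the example assumes plain dotted-quad IPv4 addresses embedded in the text; the description strings are constructed samples and the documentation-range addresses in them (RFC 5737) are deliberately treated as routable so the samples exercise the logic. The same extraction function serves both sides: the `choose_proxy` routine shows what a bot would do with it, and `flag_dead_drop_candidates` shows how a hunter would scan a batch of descriptions for the same pattern.

```python
import ipaddress
import re

# Constructed sample video descriptions (not real Stantinko data).
SAMPLE_DESCRIPTIONS = [
    "Best music mix 2019 #1\nthanks for watching 203.0.113.45 subscribe",
    "Tutorial part 2. Local test server at 192.168.1.20, enjoy!",
    "New upload! Contact 198.51.100.7 and 198.51.100.7 for details "
    "(mirror 256.300.1.1). v1.2.3",
    "Just a normal description with a date 12.11.2019 and no addresses.",
]

# Four dot-separated groups of 1-3 digits, not glued to further digits or dots,
# so version strings such as "v1.2.3" and dates such as "12.11.2019" do not match.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Ranges a proxy could never live in. RFC 5737 documentation ranges are left
# out on purpose so the constructed samples above count as routable.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def extract_public_ipv4(text):
    """Return the unique routable IPv4 addresses found in free text, in order of appearance."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ipaddress.AddressValueError:
            continue  # e.g. 256.300.1.1 matches the regex but is not an address
        if any(ip in net for net in NON_ROUTABLE):
            continue  # private, loopback, link-local, multicast: not a usable proxy
        if str(ip) not in found:
            found.append(str(ip))
    return found


def choose_proxy(descriptions):
    """Bot-side view: take the first routable address found in any description, or None."""
    for text in descriptions:
        candidates = extract_public_ipv4(text)
        if candidates:
            return candidates[0]
    return None


def flag_dead_drop_candidates(descriptions):
    """Hunter-side view: map the index of each description that carries routable
    addresses to those addresses. Descriptions with none are not reported."""
    flagged = {}
    for index, text in enumerate(descriptions):
        addresses = extract_public_ipv4(text)
        if addresses:
            flagged[index] = addresses
    return flagged


if __name__ == "__main__":
    print("proxy a bot would pick:", choose_proxy(SAMPLE_DESCRIPTIONS))
    print("descriptions worth a closer look:", flag_dead_drop_candidates(SAMPLE_DESCRIPTIONS))
```

On a real hunt the address filter would be the weak point: a simple regex is easy to defeat with any encoding beyond plain dotted quads, so the more durable signal is the client behaviour, namely a process that is not a browser fetching YouTube video pages and then opening connections to whatever address appeared in them.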
Unsurprisingly, the criminals behind Stantinko are looking for new ways to increase the botnet's profits. Cryptomining is more lucrative and harder to trace than the botnet's original adware business, and with more than half a million infected computers the operators stand to earn substantial revenue. The new scheme has one drawback, however: mining cryptocurrency consumes enormous system resources, which can turn even opening a browser into an exercise in patience. That is why the criminals go to such lengths to hide the malware from ordinary users. Where the adware was merely intrusive, the new scheme interferes with even the simplest tasks.