There is another Monero mining botnet that is targeting China. Or maybe it is one we have seen before.
Bloggers who are well versed in the hacker universe recently uncovered a URL disseminating a botnet that looks very much like one allowed to run riot by the Outlaw hacking group just last year. The Outlaw group, a name devised by the people who discovered it at Trend Micro (they simply translated “the Romanian word haiduc, the hacking tool the group primarily uses”), is notorious for releasing a Perl-based shellbot some time back that exploits weaknesses found in the Internet of Things (IoT).
The new attack was exposed by Trend Micro’s honeypot security systems. So far, it has been limited to computers in China. The malware is disseminated through a malicious URL that bundles in a backdoor-based exploit and a Monero-mining script.
Trend Micro believes that hackers have mined about $250,000 monthly in Monero from crypto-jacking.
The Outlaw botnet uses a Secure Shell (SSH) exploit and a brute-force attack, which give the attackers remote access to the victim’s computer. A more in-depth report on the previous attack by Outlaw showed that as soon as the hackers have access, the malware executes a command that downloads and installs the crypto miner payload. In addition, if the malware notices another cryptocurrency miner already installed on the user’s system, it deletes that software to reduce competition for the system’s resources.
The security specialists noted that the backdoor component can be used to launch DDoS (distributed denial-of-service) attacks, which would let the cyber criminals monetize their botnet not only through mining but also by offering DDoS-for-hire services.
On the other hand, because the scripts have not been activated, Trend Micro is certain that the cyber criminals are in the testing and development phase of the botnet. They suggest the malware may remain dormant until updated versions of the botnet are released.
This comment led TheNextWeb to wonder whether the botnet has mined any cryptocurrency or whether the hackers have made any successful hacks yet.