Cryptocurrency News Today: Stantinko botnet caught using YouTube to mine Monero cryptocurrency

The Stantinko botnet, which is thought to have infected at least 500,000 devices worldwide, has now added cryptomining to its toolset — and it’s been using YouTube to evade detection.

According to researchers at cybersecurity solutions provider ESET, the botnet’s operators are now distributing a module which mines privacy-focused coin Monero.

The botnet, which is known to have been active since at least 2012 and typically targets users in Russia, Ukraine, Belarus and Kazakhstan, had previously resorted to other methods, including click fraud, ad injection, social network fraud, and password stealing attacks to generate income.

ESET researchers say that the module’s most notable feature is how it obfuscates itself to thwart analysis and avoid detection. 

“Due to the use of source level obfuscations with a grain of randomness and the fact that Stantinko’s operators compile this module for each new victim, each sample of the module is unique,” they explained.

The botnet’s cryptomining module is a highly modified version of the xmr-stak open-source cryptominer, researchers noted.

The botnet's creators have even removed certain functionality from the malware in a bid to evade detection.

“The remaining strings and functions are heavily obfuscated. ESET security products detect this malware as Win{32,64}/CoinMiner.Stantinko,” the researchers added.

Interestingly, CoinMiner.Stantinko doesn’t communicate directly with its mining pool; instead, it uses proxies whose IP addresses are acquired from the description text of YouTube videos.

ESET says it alerted YouTube to this abuse, and all the channels containing these videos have now been taken down.

“At the very core of the cryptomining function lies the process of hashing, and communication with the proxy […] CoinMiner.Stantinko sets the communication with the first mining proxy it finds alive,” the researchers said.

Then, the code of the hashing algorithm is downloaded from t