It was only a matter of time until a new botnet would start making the rounds. It appears this new type of malware originates from China, although that has not been officially confirmed at this stage. So far, the botnet comprises 15,000 infected Windows Server machines, all of which are mining cryptocurrencies. Interestingly enough, the primarily mined cryptocurrency is Monero, and not Bitcoin.
Crypto-mining Botnet Has Grown More Powerful
It is always fairly interesting to take note of new malware types designed to mine cryptocurrencies. Over the past few years, the world has seen numerous iterations of such malware. In most cases, these nefarious tools hijack computers to mine Bitcoin or even Dogecoin. However, that situation has come to change thanks to this newly discovered botnet.
To be more specific, the Bondnet botnet is capable of infecting any machine running the Windows Server operating system. It was first spotted back in December of 2018 when it had seemingly enslaved a handful of machines. That number has now grown to 15,000 managed machines, all of which are used to mine a wide variety of popular cryptocurrencies. First and foremost, the infected machine will attempt to mine Monero, a cryptocurrency focusing on privacy and anonymous transactions.
However, it appears this malware can mine other cryptocurrencies as well. Interestingly enough, the developer of Bondnet has no interest in mining Bitcoin, Ethereum, or Litecoin right now. Instead, they opt to mine ByteCoin, RieCoin, and ZCash. These are fairly interesting choices, although the hardware they hijack lends itself to profitably mining these coins over time. With 15,000 machines under the criminals' control, they can mine a respectable amount of cryptocurrency at no extra cost.
This particular botnet has grown exponentially thanks to a time-consuming process. The developer relies on different technologies to infect machines all over the world. It is possible a combination of brute-force attacks and weak RDP credentials is the main source of distribution at this stage. Additionally, a lot of Windows Server-based machines run other server software, which can be exploited, including MSSQL, Apache Tomcat, and phpMyAdmin.
As one would somewhat expect, once the attacker gains access to the computer, he uses a Remote Access Trojan to control the machine moving forward. Installing a cryptocurrency miner becomes a trivial matter at that point. Over half of the infected machines run Windows Server 2008 R2, although a good portion runs Windows Server 2012 R2. It is evident almost all popular versions of this operating system are prone to getting hijacked.
What is rather intriguing is how this botnet seems to gain and lose new bots every single day. The growth has all but stagnated, yet it remains a big threat until the matter can be properly resolved. Server administrators will need to step up their security game to prevent servers from getting hijacked for cryptocurrency mining purposes. Fortunately, a detection and cleanup tool has been released by security firm GuardiCore.