Botnet found using YouTube to illegally mine cryptocurrency

Hundreds of botnets operate internationally to achieve various malicious objectives. One such botnet, named Stantinko, has been operating since 2012 in countries such as Russia, Ukraine, Belarus, and Kazakhstan, and controls over half a million computers globally.


In its latest update, it has added a new cryptomining capability that makes use of the highly anonymized cryptocurrency Monero, creating a new profitable revenue stream. Although it was already using Monero to cash in money earned through other tactics such as click fraud and ad injection, this is the first time it has sought to earn money directly through mining.


The module, as discovered by the software security firm ESET, is being distributed through YouTube. It is reported to be a modified version of an open-source cryptominer called xmr-stak. To avoid detection, all unnecessary components were removed and the remaining ones were “heavily obfuscated”.

Additionally, the miner does not communicate in any direct manner with its mining pool, but instead uses proxies “whose IP addresses are acquired from the description text of YouTube videos.” Yet they are not the first attackers to use such tactics. A banking malware named Casbaneiro has also been known to store encrypted C&C addresses by concealing the text within video descriptions.
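The technique described above relies on plain text fields (here, video descriptions) acting as a dead drop for proxy addresses. A defender monitoring content or proxy logs can look for the same pattern. The following is an added example, not code from the article or from ESET: it scans a set of constructed sample descriptions for embedded IPv4 addresses with optional ports, validates each candidate, and reports which descriptions carry a routable endpoint. It assumes the addresses are written as plain dotted quads; the article does not say whether Stantinko encodes them further.

```python
import re
import ipaddress

# Constructed sample video descriptions (not real data from the article).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as placeholders.
SAMPLE_DESCRIPTIONS = {
    "vid-001": "Best tutorial ever! Subscribe for more.",
    "vid-002": "Check this out 203.0.113.45:3333 and 198.51.100.7",
    "vid-003": "Release notes at 256.1.1.1, mirror 127.0.0.1",
}

# Dotted quad, optionally followed by :port; the look-arounds stop the match
# from starting or ending inside a longer dotted number such as a version string.
IPV4_PORT_RE = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(?![\d.])"
)


def extract_endpoints(text):
    """Return [(ip, port_or_None), ...] for every routable IPv4 address in text.

    Syntactically invalid quads (e.g. an octet above 255) and non-routable
    addresses (loopback, unspecified, multicast) are dropped so that only
    candidates worth investigating remain.
    """
    found = []
    for match in IPV4_PORT_RE.finditer(text):
        ip_text, port_text = match.group(1), match.group(2)
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            continue  # e.g. 256.1.1.1 looks like an address but is not one
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            continue
        port = int(port_text) if port_text else None
        if port is not None and not 1 <= port <= 65535:
            port = None  # keep the address, discard a nonsensical port
        found.append((str(ip), port))
    return found


def scan_descriptions(descriptions):
    """Map video id -> endpoints for every description that embeds at least one."""
    flagged = {}
    for video_id, text in descriptions.items():
        endpoints = extract_endpoints(text)
        if endpoints:
            flagged[video_id] = endpoints
    return flagged


if __name__ == "__main__":
    for video_id, endpoints in scan_descriptions(SAMPLE_DESCRIPTIONS).items():
        print(video_id, endpoints)
```

A hit is only a lead: legitimate descriptions do contain addresses, so the flagged endpoints are best correlated with outbound connections from hosts that are also showing the high CPU load a miner produces.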



[Image: one of the videos used in the scam.]




Unlike the rest of CoinMiner.Stantinko, the hashing algorithm isn’t obfuscated, since obfuscation would significantly impair the speed of hash calcu ..
