Thereâs another Monero mining botnet thatâs targeting China. Or maybe itâs one weâve seen before.
Bloggers steeped in the hacker-verse recently exposed a URL spreading a botnet that looks suspiciously like one unleashed by the Outlaw hacking group last year. The Outlaw outfit â a name coined by its discoverers at Trend Micro, who translated âthe Romanian word haiduc, the hacking tool the group primarily usesâ â is infamous for its previous release of a Perl-based shellbot that infiltrates through weaknesses in the Internet of Things.
The new attack, uncovered by Trend Microâs honeypot security systems, has been restricted to computers based in China so far. The malware is spread through a malicious URL which bundles in a Monero-mining script and a backdoor-based exploit.
Trend Micro estimates that hackers have used crypto-jacking to mine $250,000 per month in Monero.
The Outlaw botnet uses a brute force attack and Secure Shell (SSH) exploit to give the attackers remote access over victimâs systems. A more detailed report of Outlawâs previous attack showed that once the attackers have access, the malware executes commands to download and install the cryptocurrency miner payload. Additionally, if the malware detects cryptocurrency miners already installed on the system, it will delete them to reduce competition for system resources.
The security experts also noted that the backdoor component is also capable of launching distributed denial-of-service attacks which would allow the cybercriminals to monetize their botnet not only through mining, but by offering DDoS-for-hire services.
However, because the scripts havenât been activated, Trend Micro believes the hackers are still in the testing and development phase. They suggest the malware may be laying dormant until future editions of the botnet are released.
This comment lead TheNextWeb to speculate whether the botnet has mined any cryptocurrency or made any successful attacks yet.
Monero image via CoinDesk Archives
