One of Trend Micro’s security systems uncovered a URL spreading the cryptocurrency mining botnet, which was also bundled with a backdoor, security researchers say. The researchers also identified that the malware has so far targeted computers based in China. The Outlaw hacking group, known for another cryptocurrency mining botnet, is believed to be responsible for this attack, as the techniques used are almost identical to those of its previous campaigns. That said, researchers believe the attackers are still in the testing and development phase: Trend Micro identified a number of scripts and files that, while contained in the malware, were never used, suggesting they may be lying dormant in wait for future versions of the botnet. It is unclear whether this mining botnet has mined any cryptocurrency or made any successful attacks yet.

How does it work?

The Monero mining botnet brute-forces Secure Shell (SSH) logins to gain remote access to victims’ systems. Once the attackers have access, the malware executes two commands, one of which downloads and installs the cryptocurrency miner payload. If the malware detects cryptocurrency miners already running on the system, it deletes them to reduce competition for system resources.

What is also alarming is that researchers uncovered an APK (Android Package) file in the malware. Given that the malware appears to be in development, it is possible that the attackers will go on to target Android mobile devices with malicious app files.

Earlier this week, security researchers uncovered another cryptocurrency mining malware that was sneaking its way onto Oracle web application servers. Unlike Outlaw’s mining botnet, which relies on brute-force attacks, the Oracle malware was more cunning, and even hid itself in certificate files to remain unnoticed. In April 2019, security researchers uncovered another cryptocurrency mining malware that was targeting Chinese enterprises and other systems across Asia; it was spread through malicious Excel documents.

As ever, though, Monero remains the preferred cryptocurrency for these attackers. It was estimated last year that browser-based crypto-jacking was generating over $250,000 per month in Monero.
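The SSH brute-force entry described above leaves a recognisable trail in sshd logs: a burst of failed logins from one source, then an accepted password login from that same source. The following detector is an added example, not code from Trend Micro’s report or from the Outlaw botnet itself; the log lines are constructed in the standard Linux /var/log/auth.log format with documentation-range IP addresses, and the five-failure threshold is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth lines (not real log data): a burst of failed
# logins from one host followed by a successful password login from it, which is
# the footprint a credential brute force leaves when it succeeds.
SAMPLE_AUTH_LOG = """\
Jun 10 03:12:01 web1 sshd[2210]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jun 10 03:12:03 web1 sshd[2213]: Failed password for root from 203.0.113.45 port 51030 ssh2
Jun 10 03:12:04 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.45 port 51041 ssh2
Jun 10 03:12:06 web1 sshd[2218]: Failed password for root from 203.0.113.45 port 51052 ssh2
Jun 10 03:12:07 web1 sshd[2220]: Failed password for root from 203.0.113.45 port 51060 ssh2
Jun 10 03:12:09 web1 sshd[2224]: Accepted password for root from 203.0.113.45 port 51077 ssh2
Jun 10 03:15:40 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2
Jun 10 03:16:02 web1 sshd[2305]: Failed password for deploy from 198.51.100.9 port 40200 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as written by OpenSSH.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_sshd_line(line):
    """Return (result, method, user, ip) for an sshd auth line, or None if the
    line is not an authentication result."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m.group("result"), m.group("method"), m.group("user"), m.group("ip")


def find_brute_force_logins(log_text, threshold=5):
    """Scan auth log text in order.

    Returns (suspects, compromised): source IPs that reached `threshold` failed
    logins, and (ip, user) pairs where a *password* login was later accepted
    from such a source, i.e. where the brute force most likely worked.
    Key-based logins are not counted as compromises even from a suspect IP.
    """
    failures = defaultdict(int)   # ip -> failed login count so far
    suspects = set()              # ips at or over threshold
    compromised = []              # (ip, user) for password logins after the burst
    for line in log_text.splitlines():
        parsed = parse_sshd_line(line)
        if parsed is None:
            continue
        result, method, user, ip = parsed
        if result == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                suspects.add(ip)
        elif result == "Accepted" and method == "password" and ip in suspects:
            compromised.append((ip, user))
    return sorted(suspects), compromised


if __name__ == "__main__":
    suspects, compromised = find_brute_force_logins(SAMPLE_AUTH_LOG)
    print("brute-force sources:", suspects)
    for ip, user in compromised:
        print(f"ALERT: password login for {user!r} accepted from {ip} after repeated failures")
```

Run against the sample, the detector reports 203.0.113.45 as a brute-force source and flags the root login it obtained; the single failure from 198.51.100.9 and the key-based deploy login stay quiet. Alerting on this pattern is secondary to preventing it: setting `PasswordAuthentication no` and `PermitRootLogin no` in sshd_config removes the avenue this botnet relies on, and a successful password login following a failure burst should be treated as an incident, with the host checked for unexpected cron entries, new SSH keys and miner processes.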