Carbon Black researchers are tracking a cryptomining campaign that has already infected more that 500,000 machines with Smominru malware that enslaves them into a massive botnet. According to a new report[pdf], the infected machines are used to mine Monero (XMR) and the malware is also capable of “access mining,” i.e. stealing information such as access credentials from compromised machines.
The researchers believe that the stolen data “could be sold on an access marketplace, allowing for remote access into these systems for use as zombies in large-scale attacks or to execute targeted attacks on specific hosts at specific companies.”
Read more: Smominru hijacks half a million PCs to mine cryptocurrency, steals access data for Dark Web sale