New research by Guardicore sheds light on the evolution of the Smominru mining botnet, which infected over 500,000 devices last year. Last month the botnet added 90,000 new victims to its tally, and it continues to grow at around 4,700 infections per day. It mostly targets Windows 7 and Windows Server 2008 machines.
Smominru spreads by exploiting EternalBlue, the SMBv1 exploit (patched by MS17-010) that drove the 2017 global WannaCry outbreak, and by brute-forcing weak credentials on Internet-facing services such as RDP, MSSQL and Telnet. Once on a host, the malware can install cryptominers and backdoors, change device configuration, and steal login credentials. It also scans the host for rival botnet malware and removes any it finds. Guardicore points out that 25% of infected devices were compromised more than once: if an owner cleans the infection but leaves the way in open, whether the unpatched SMB vulnerability or the weak credentials on an exposed service, Smominru simply reinfects the device.
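Of the two entry vectors above, the brute-forcing of RDP and MSSQL is the one most defenders can already see in logs they collect. The script below is an added example, not code from Guardicore or from the article linked here: it parses constructed sample failed-logon lines (Windows Security event 4625 with LogonType 10 for RDP, flattened to one line per event, and the "Login failed for user" lines MSSQL writes to its ERRORLOG) and flags any source that reaches a threshold of failures within a sliding time window. It also separates password spraying (one source, many accounts) from guessing against a single account such as `sa`. The line layouts, thresholds and IP addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not taken from the Guardicore report). The first
# block mimics Windows Security event 4625 records flattened to one line each;
# the second mimics the "Login failed" lines MSSQL writes to ERRORLOG.
SAMPLE_LOGS = """\
2019-09-18T10:00:01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.5
2019-09-18T10:00:02 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.5
2019-09-18T10:00:03 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.5
2019-09-18T10:00:04 EventID=4625 LogonType=10 TargetUserName=test IpAddress=203.0.113.5
2019-09-18T10:00:05 EventID=4625 LogonType=10 TargetUserName=user IpAddress=203.0.113.5
2019-09-18T10:00:06 EventID=4625 LogonType=10 TargetUserName=guest IpAddress=203.0.113.5
2019-09-18T10:30:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=192.0.2.10
2019-09-18 10:01:00.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-09-18 10:01:00.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-09-18 10:01:00.70 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-09-18 10:01:01.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-09-18 10:01:01.30 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-09-18 11:00:00.00 Logon       Login failed for user 'reportsvc'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.11]
"""

# Assumed flattened layout of event 4625; LogonType 10 is RemoteInteractive (RDP).
RDP_RE = re.compile(
    r"^(\S+) EventID=4625 LogonType=10 TargetUserName=(\S+) IpAddress=(\S+)$"
)
# MSSQL ERRORLOG "Login failed" line; fractional seconds are dropped.
MSSQL_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ Logon\s+Login failed for user "
    r"'([^']+)'.*\[CLIENT: ([^\]]+)\]"
)


def parse_failed_logons(text):
    """Return a time-sorted list of (timestamp, service, user, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        m = RDP_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), "rdp",
                           m.group(2).lower(), m.group(3)))
            continue
        m = MSSQL_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), "mssql",
                           m.group(2).lower(), m.group(3)))
    return sorted(events)


def find_brute_force(events, window=timedelta(seconds=60), threshold=5):
    """Flag (source_ip, service) pairs with >= threshold failures inside any
    sliding window. "spray" is True when the source tried at least `threshold`
    distinct accounts, i.e. password spraying rather than one-account guessing.
    The deque keeps the per-source scan linear in the number of events."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev[3], ev[1])].append(ev)

    findings = {}
    for key, evs in by_key.items():
        recent = deque()
        for ev in evs:
            recent.append(ev)
            while ev[0] - recent[0][0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                users = sorted({e[2] for e in evs})
                findings[key] = {
                    "failures": len(evs),
                    "users": users,
                    "spray": len(users) >= threshold,
                }
                break
    return findings


if __name__ == "__main__":
    for (src, service), info in find_brute_force(parse_failed_logons(SAMPLE_LOGS)).items():
        kind = "password spray" if info["spray"] else "single-account guessing"
        print(f"{src} -> {service}: {info['failures']} failures, {kind}, accounts={info['users']}")
```

In the sample data the RDP source 203.0.113.5 is reported as a spray across six accounts and the MSSQL source 198.51.100.7 as repeated guessing against `sa`, while the two single failures from 192.0.2.0/24 stay below threshold. Tune `window` and `threshold` to the host's normal failure rate; a single-user-per-minute rule that fires on one help-desk typo is worse than none. A hit on a host that was already cleaned once is exactly the reinfection pattern Guardicore describes.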
Read more: Smominru Mining Botnet In Cyber Turf War With Rival Malware