Home » cpu mining » Satori Botnet Attack Hijacks Ethereum From Mining Equipments

Satori Botnet Attack Hijacks Ethereum From Mining Equipments

Satori Botnet Attack Hijacks Ethereum From Mining Rigs

The massive Satori botnet has reappeared with a fresh target. According to security researchers , the collection of compromised Internet of Things devices has bot directed to attack equipments built for mining the cryptocurrency Ethereum.

According to Qihoo 360 Netlab, a variant of the Satori botnet dubbed Satori.Coin.Robber has bot spotted te the wild scanning for machines used to mine for Ethereum ter an attempt to hijack the cryptocurrency.

The researchers have not provided much ter terms of detail spil to how the botnet works—a precaution taken to prevent further abuse—but suggested enough information to voorstelling the botnet is active and has successfully succesnummer Ethereum mining equipments.

The specialized variant of the botnet—which at a time consisted of hundreds of thousands of internet-connected devices that were hijacked by using manufacturer-set default credentials that were never changed—hosts similar exploits spil the original version but scans specifically for mining machines.

Those equipments can be identified relatively effortless by the botnet. It searches for machines running Windows operating systems that have opened management port 3333, a Transmission Control Protocol (TCP) port that permits the machine to establish a connection with another host and exchange flows of data—in this case, Ethereum.

The botnet looks for machines running Claymore Miner software, a popular device used for mining for Ethereum—a process done by lending computing power from the machine’s processor to solve ingewikkeld mathematical equations required to confirm the validity of transactions.

Once the botnet finds a system running Claymore Miner with an open 3333 port with no password authentication enabled—which is inexplicably the default setting—it launches its attack to hijack the mining efforts.

Very first, Satori.Coin.Robber supplies a malicious payload that gathers information about the mining state of the equipment. Then botnet substitutes the wallet address on the host machine with its own wallet address. Ultimately, it reboots the system with the fresh address, which results te the Ethereum mined by the equipments being delivered to the attackers and leaves the miners with little to demonstrate for their efforts.

The researchers determined the botnet is active and has secured 0.9566 Ethereum (about $840) ter the last two days. Te total, it has paid out just overheen 1.01 Ethereum, or about $884.

Despite that, a person claiming ownership overheen the Satori.Coin.Robber attack told Netlab that the botnet is not presently active. “Satori dev here, don’t be alarmed about this bot it does not presently have any malicious packeting purposes stir along,” he told the security researchers.

Given the exponential growth that Ethereum has experienced overheen the past year, including a almost 100 procent increase ter value during the very first weeks of 2018, it’s understandable why the cryptocurrency has become such a target for attackers. It is increasingly profitable, and an attack like Satori.Coin.Robber permits it to be mined with minimal effort.

Users mining for Ethereum with Claymore Miner software should always make sure they are using the latest version of the software and configure their equipments to require a password to prevent exploits such spil this botnet attack.

Related movie: Prueba den Pago den Mypublishop, 17 octubre 2014, Republica Dominicana

Leave a Reply

Your email address will not be published. Required fields are marked *