The Smominru Monero Mining Botnet is based on the WannaCry EternalBlue vulnerability originally developed by the U.S. Military Intelligence Agency (NSA). In the summer of 2017, after the announcement by the hacker group The Shadow Brokers, countless computers were infected by malware that exploited the NSA’s vulnerability. Unfortunately, the problem is homemade.
A botnet is a set of infected computers controlled from a central location. The hijacked PCs can be misused after the takeover to capture the personal data of the owners, send spam mails or paralyze websites with countless page requests, which is commonly referred to as a DDoS attack.
Monero Miner as a danger for cryptosoft companies
The anonymous operators have reacted very promptly and flexibly to all countermeasures of the security researchers, which is why Smominru is still active. According to several security researchers, Bitcoin no longer plays a role in this cryptosoft sector: For regular PCs and web servers, the computing effort involved in prospecting is far too great and the yield too low. The crypto currency Monero with its focus on data protection, however, is far more interesting for such applications. According to the IT security company Proofpoint, which reported on Smominru at a very early stage, such botnets will become even larger in the future and are likely to occur at even shorter intervals.
Once again, the US secret service NSA acted as a crypto trader helper
In recent years, their crypto trader programmers have developed software for their own purposes with which they could exploit a previously unknown Windows vulnerability to gain full access to the target . By the time most Windows installations could be updated, it was already too late.
A comparable botnet called WannaMine even caused data processing failures in several companies because the computers overheated as a result of the mining, which ultimately led to their destruction. To date, around one hundred computers worldwide are said to have failed due to the WannaMine infection, and the number continues to rise. At the time of infection, WannaMine and Smominru were able to prevent antivirus software from detecting them. In the case of WannaMine, it was sufficient to visit a previously prepared website or open an infected e-mail in order to take over the PCs.