ESET reports that hundreds of thousands of Russian Internet users may be involved in a hidden criminal scheme for mining the Monero cryptocurrency.
Experts have discovered the CoinMiner cryptomining module, which is distributed and installed through the Stantinko botnet. This malicious network
Initially, the botnet specialized in advertising fraud. Recently, however, the attackers have switched to hidden cryptocurrency mining. For this they use the CoinMiner module mentioned above, whose distinguishing feature is its ability to carefully hide from detection.
In particular, Stantinko operators compile a unique module for each new victim. In addition, CoinMiner does not communicate with the mining pool directly, but through proxies whose IP addresses are obtained from the descriptions of YouTube videos.
The malware also monitors antivirus solutions running on the computer. Finally, the miner can pause its activity under certain conditions, for example when the computer is running on battery power. This helps lull the user's vigilance.
You can find out more about the malicious miner
Source: 3dnews.ru