Hundreds of thousands of Russians mine cryptocurrency for criminals

ESET reports that hundreds of thousands of Russian Internet users may be involved in a hidden criminal scheme for mining the Monero cryptocurrency.

Experts have discovered the CoinMiner cryptomining module, which is distributed and installed through the Stantinko botnet. This malicious network has been active since at least 2012. For a long time, Stantinko operators managed to remain undetected thanks to the use of code encryption and complex self-defense mechanisms.

Initially, the botnet specialized in advertising fraud. Recently, however, the attackers have switched to hidden cryptocurrency mining. For this they use the CoinMiner module mentioned above, whose distinguishing feature is its ability to carefully hide from detection.

In particular, Stantinko operators compile a unique module for each new victim. In addition, CoinMiner does not communicate with the mining pool directly, but through a proxy whose IP addresses are obtained from the descriptions of YouTube videos.

The malware also monitors antivirus solutions running on the computer. Finally, the miner can pause its activity under certain conditions, for example when the computer is running on battery power. This helps lull the user's vigilance.

You can find out more about the malicious miner here



Source: 3dnews.ru
