Newly Discovered Botnet Infected Up to 5,000 Computers With a Monero Miner

Published on by Coindesk | Published on

A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.

Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said it discovered a botnet - a network of internet-connected devices - that had been active for months, in its report Wednesday.

Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.

It also constantly reinvents its tools in order to avoid detection.

Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.

Prometei may have earned its owner approximately $5,000 worth of monero - around $1,250 per month, the report reads.

Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.

It also found the botnet had also stolen credentials, such as administrator passwords, possibly to sell on the black market.

Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.

CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

x