Over half a million PCs infected as hackers go after cryptocurrency


What happens when cryptocurrency becomes one of the most desired forms of money? Everyone takes notice. That includes hackers.

What happens when cryptocurrency becomes one of the most desired forms of money? Everyone takes notice. That includes hackers. This time cybercriminals have set their eyes on Monero, a highly sought after, private and untraceable cryptocurrency.

Researchers from Proofpoint discovered a Monero mining botnet called Smominru (aka Ismo) that spreads using the EternalBlue exploit.1  This exploit, which was created by America's National Security Agency (NSA), was leaked by a hacking group called Shadow Brokers in April 2017. EternalBlue was responsible for the debilitating WannaCry ransomware attack that infected over 200,000 computers all over the world.

What is the Smominru botnet?

Smominru is a botnet that comprises over 526,000 Windows PC computers. It is known to deliver a variety of malware and Trojans to vulnerable devices, ultimately benefiting the operator by mining cryptocurrency. According to a recent report, Smominru has infected over half a million computers and could forcibly mine nearly 9,000 Monero tokens.2 At the time of writing, this amount could be worth somewhere between $2.8 to $3.6 million. According to Proofpoint, the 'hashpower,' or the speed at which mining operations unlock new units of cryptocurrency, is twice the size of other mining operations. This makes execution that much faster. Even though the bot was distributed all over the world, Russia, India and Taiwan were the most affected countries.

What precautions to take for the Smominru botnet

Just like it protected its customers from WannaCry Ransomware before it was distributed, Norton Security can help protect against Smominru. Update your Internet security suite and operating systems with the latest updates.

To check if your Norton product's definitions are up to date click here.  

1 Proofpoint, "Smominru Monero mining botnet making millions for operators," January 31, 2018.

2 The Hacker News, "Cryptocurrency mining malware infected over half-million PCs using NSA exploit," January 31, 2018.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.