Deja Vu? Monero Botnet Has Close Resemblance to “Outlaw” Attack

TrendMicro suspects that a group of hackers who launched a Monero mining malware campaign last year is at it again.

A URL that is being used to spread a Monero mining botnet that bears a striking resemblance to a similar botnet created by the Outlaw hacking group has been identified by TrendMicro’s Security Intelligence Blog. So far, TrendMicro says that the botnet is still in its testing phase, although infection attempts have been attempted in China.

“Haiduc,” the group’s primary hacking tool (and the Romanian word for “outlaw”) is a Perl-based shellbot that exploits vulnerabilities in the Internet-of-Things.

Discover the Barcelona Trading Conference – A Top Tier Crypto Trading Event

While the group’s previous operation appeared to rely on Haiduc to search the internet for vulnerable systems that it could attack, the malware is reportedly primarily being spread through a malicious URL this time around. The URL contains a Monero-mining script as well as a backdoor-based exploit.

Once the URL has been accessed, or Haiduc has discovered a vulnerability, the botnet uses a brute force attack exploit to grant hackers with remote access over their victim’s systems. After the attackers have control, the malware downloads the cryptocurrency miner payload. If there is already cryptocurrency mining software installed on the system, the malware deletes it.

Suggested articles

TrustedBrokerz: The Source More Traders Are TrustingGo to article >>

This kind of involuntary crypto mining, known as “cryptojacking,” brings hackers around the world over $250,000 worth of cryptocurrency per month, according to research by RWTH Aachen University in Germany.

DDoS For Hire

The bot is also reportedly “capable of launching distributed denial-of-service (DDoS) attacks, allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.”

DDoS attacks happen when multiple systems (i.e., bots or compromised computers) attempt to overwhelm the bandwidth of another targeted system (usually a website or web server). If the attack is successful, the system will be so overwhelmed that it will be inaccessible by anyone besides the person launching the attack.

DDoS attacks have been particularly common in the cryptosphere around token sales, when certain token buyers may want to prevent other buyers from having access to the tokens, or if a malicious actor wants to hurt the performance of a token sale for another reason.

John McAfee’s new crypto trading platform, McAfeeMagic, suffered a DDoS attack shortly after its launch this week, according to reports from Yahoo Finance.

Got a news tip? Let Us Know