Stantinko Botnet Starts Cryptojacking, Uses YouTube to Evade Detection
- The botnet infected more than half-a-million devices since 2012.

The infamous botnet Stantinko has added the capability of crypto mining to utilize its victims' computers to mine Monero and is using YouTube to evade detection.
In circulation since 2012, Stantinko has reportedly infected over 500,000 devices, concentrated in Russia, Ukraine, Belarus, and Kazakhstan, and has siphoned money from victims using click fraud, ad injection, social network fraud, and password-stealing attacks.
Malware getting sophisticated
ESET, a cybersecurity research firm, revealed that the botnet's developers are distributing a new crypto-mining module; its most notable feature is the tactics it uses to dodge detection. The module uses the open-source xmr-stak crypto miner to mine the digital currency.
“Due to the use of source level obfuscations with a grain of randomness and the fact that Stantinko’s operators compile this module for each new victim, each sample of the module is unique,” ESET researchers explained.
To dodge detection, the botnet does not communicate directly with Monero mining pools; instead, it uses proxies whose IP addresses are acquired from the description text of YouTube videos.
“At the very core of the crypto mining function lies the process of hashing, and communication with the proxy […] CoinMiner.Stantinko sets the communication with the first mining proxy it finds alive,” the researchers noted.
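A defender-side heuristic for the proxy lookup described above, as an added example that is not from ESET's report or this article: flag a non-browser process that looks up a video site and then connects to an IP address that no DNS answer on the host explains. The telemetry rows, process names, browser allowlist and 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # assumed allowlist
VIDEO_HOSTS = ("youtube.com", "youtu.be")
WINDOW = timedelta(minutes=10)                           # assumed correlation window

# Constructed endpoint telemetry: (timestamp, process, kind, detail).
# kind "dns": detail = (queried name, answer IP); kind "connect": detail = (dst IP, port).
EVENTS = [
    ("2019-11-26T10:00:01", "chrome.exe", "dns",     ("www.youtube.com", "198.51.100.10")),
    ("2019-11-26T10:00:02", "chrome.exe", "connect", ("198.51.100.10", 443)),
    ("2019-11-26T10:05:00", "svcupd.exe", "dns",     ("www.youtube.com", "198.51.100.10")),
    ("2019-11-26T10:05:01", "svcupd.exe", "connect", ("198.51.100.10", 443)),
    ("2019-11-26T10:05:09", "svcupd.exe", "connect", ("203.0.113.77", 3333)),
    ("2019-11-26T10:07:00", "backup.exe", "connect", ("192.0.2.50", 8443)),
]

def is_video_host(name):
    """True for the video domains and their subdomains, not look-alike names."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in VIDEO_HOSTS)

def find_dead_drop_candidates(events):
    resolved = set()        # every IP that some DNS answer on this host explains
    last_video_lookup = {}  # process -> time of its latest video-site lookup
    alerts = []
    for ts, proc, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "dns":
            name, answer = detail
            resolved.add(answer)
            if is_video_host(name):
                last_video_lookup[proc] = when
        elif kind == "connect":
            ip, port = detail
            seen = last_video_lookup.get(proc)
            # Raw-IP connection by a non-browser shortly after it touched a video site.
            if (proc.lower() not in BROWSERS and ip not in resolved
                    and seen is not None and when - seen <= WINDOW):
                alerts.append((proc, ip, port))
    return alerts

if __name__ == "__main__":
    for proc, ip, port in find_dead_drop_candidates(EVENTS):
        print(f"review {proc}: unresolved destination {ip}:{port} after video-site lookup")
```

The heuristic only surfaces candidates for review; legitimate software that embeds video content and talks to hard-coded IP addresses will also match.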
“This change makes it possible, for example, to adapt to adjustments of algorithms in existing currencies and to switch to mining other cryptocurrencies in order, perhaps, to mine the most profitable cryptocurrency at the moment of execution,” ESET stated.
The cybersecurity company already informed YouTube about the botnet, and the video streaming website took down the channels with the abusive videos.
Though researchers have so far found only instances of Monero mining, they suspect that it might be mining other digital currencies as well, as the hashing algorithm is CryptoNight R.