Stantinko was created back in 2012, and the botnet has since grown rapidly. Since its creation, it has infected roughly half a million machines located in Kazakhstan, Russia, Belarus, and many other countries. Complaints from the botnet’s victims vary, ranging from password hacks to frauds.
According to ESET, a research agency that focuses on cybersecurity, the developers behind Stantinko have upgraded their skills and have introduced a brand-new module that can help the botnet evade detection. The XMR-stack open-source miner is being employed for the key purpose of mining Monero.
These black hats are working diligently to attack those vulnerable in a unique manner. The botnet systematically uses proxies, whose IPs are drawn from the description text linked to videos on YouTube. The report said,
“hashing, and communication with the proxy […]” are necessary procedures required for crypto-mining to be successful.”
The hashing code associated with the botnet morphs after every single execution and according to the report, this may aid the programme in mining other profitable cryptocurrencies as well. That being said, instances of mining virtual currencies aside from Monero are yet to be heard of.
Crypto-jacking is the practice of using a computer belonging to another individual in order to mine digital currencies. The most common cryptocurrency being mined is Monero, which is a privacy-centric coin. According to some, this feature allows attackers to get away with practically anything, without the fear of surveillance.
Back in October this year, Sucuri had reportedly come across “malicious plugins” that had infected scores of machines. After being downloaded, these plugins ran a Linux executable binary file in order to function as malware. The whole process was much simpler than formulating a botnet too. Ransomware attacks have also been on the rise, with the latest affecting around 110 nursing homes and Virtual Care Provider Inc. in the United States.