Cybersecurity company Carbon Black reports that the popular 2018 monero crypto mining botnet contains a crucial component capable of capturing IP addresses, domain information, usernames, and passwords. Cryptojacking Malware Attacks Devices to Mine Monero & Steal Data.
In research labeled “Access Mining,” Carbon Black researchers Greg Foss and Marian Liang claim that for the previous two years, the 2018 botnet campaign has been collecting secret information and making millions in the process.
According to the security firm, the total number of infected machines is well over 500,000. Most of the infected devices are located in Russia, Eastern Europe, and the Asia-Pacific region.
Alongside an altered XMRig miner, the group now uses easily accessible malware and open source tools, such as Mimikatz and EternalBlue, which have been altered to spread from infected devices and expand the reach of the campaign.
The report highlighted an unexpected link between the Smominru crypto mining campaign and the MyKings botnet.
“Access Mining indicates a bigger trend of commodity malware evolving to mask a darker purpose and will force a change in the way cybersecurity professionals classify, investigate and protect themselves from threats,” the report said.
The cybercriminals have made the stolen security data a secondary source of earnings. With one infected device selling on the dark web market for an average of $6.75, the 500,000 haul value is $1.69 million. Infected machines can even be rented out for 24 to 48 hours, giving the hackers a source of passive income.
At $90 per monero coin, Carbon Black claims the group’s assets are sitting close to $3.29 million.
Following their study, the researchers released a series of tips to address potential issues.