Newly Discovered Botnet Infected Up to 5,000 Computers With a Monero Miner

Cisco researchers estimate the botnet may have earned its owner $5,000 worth of monero since it started operation four months ago.

A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.

  • Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said in a report Wednesday that it had discovered a botnet – a network of internet-connected devices – that had been active for months.
  • Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.
  • It also constantly reinvents its tools in order to avoid detection.
  • Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.
  • Prometei may have earned its owner approximately $5,000 worth of monero – around $1,250 per month, the report reads.
  • Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.
  • It also found that the botnet had stolen credentials, such as administrator passwords, possibly to sell on the black market.
  • Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.

Paddy Baker

Paddy Baker is a London-based cryptocurrency reporter. He was previously senior journalist at Crypto Briefing. Paddy holds positions in BTC and ETH, as well as smaller amounts of LTC, ZIL, NEO, BNB and BSV.
