Smominru, one of the most notorious pieces of cryptojacking malware, has been tweaked. Its attacks on equipment mining Monero now serve a dual purpose.
According to ZDNet, the malware is not just hijacking equipment to mine Monero but is also trying to steal access data. Carbon Black's Threat Analysis Unit was the first to notice the deviation from mere cryptojacking.
In the past, the malware took control of the mining device by identifying a vulnerable point or by brute-forcing, then used its CPU power as part of a Monero mining botnet. The currency mined during this process is sent to a Monero wallet controlled by the attackers.
The researchers see a change in the way the Smominru cryptojacking malware is operating this time. What is being called access mining is the module that harvests data to steal credentials and sensitive information. The attackers are combining open-source code with the market-ready version of the Smominru malware, and the result is used for both cryptojacking and data theft.
The Monero mined this way and the stolen data are reportedly being sold by the attackers at prices as low as $6.75, letting them make money over multiple channels. Based on victim reports, the malware appears to target the Asia-Pacific region.
According to the researchers' reports, the botnet has been carrying out attacks for over two years now. It was also used in the lethal WannaCry ransomware attack.