Deja Vu? Monero Botnet Has Close Resemblance to "Outlaw" Attack

Friday, 14/06/2019 | 07:10 GMT by Rachel McIntosh
  • TrendMicro suspects that a group of hackers who launched a Monero mining malware campaign last year is at it again.
Deja Vu? Monero Botnet Has Close Resemblance to "Outlaw" Attack
FM

A URL that is being used to spread a Monero mining botnet that bears a striking resemblance to a similar botnet created by the Outlaw hacking group has been identified by TrendMicro’s Security Intelligence Blog. So far, TrendMicro says that the botnet is still in its testing phase, although infection attempts have been attempted in China.

“Haiduc,” the group’s primary hacking tool (and the Romanian word for “outlaw”) is a Perl-based shellbot that exploits vulnerabilities in the Internet-of-Things.

While the group’s previous operation appeared to rely on Haiduc to search the internet for vulnerable systems that it could attack, the malware is reportedly primarily being spread through a malicious URL this time around. The URL contains a Monero-mining script as well as a backdoor-based exploit.

Once the URL has been accessed, or Haiduc has discovered a vulnerability, the botnet uses a brute force attack exploit to grant hackers with remote access over their victim’s systems. After the attackers have control, the malware downloads the cryptocurrency miner payload. If there is already cryptocurrency mining software installed on the system, the malware deletes it.

This kind of involuntary Crypto Mining , known as “cryptojacking,” brings hackers around the world over $250,000 worth of cryptocurrency per month, according to research by RWTH Aachen University in Germany.

DDoS For Hire

The bot is also reportedly “capable of launching distributed denial-of-service (DDoS) attacks, allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.”

DDoS attacks happen when multiple systems (i.e., bots or compromised computers) attempt to overwhelm the bandwidth of another targeted system (usually a website or web server). If the attack is successful, the system will be so overwhelmed that it will be inaccessible by anyone besides the person launching the attack.

DDoS attacks have been particularly common in the cryptosphere around token sales, when certain token buyers may want to prevent other buyers from having access to the tokens, or if a malicious actor wants to hurt the performance of a token sale for another reason.

John McAfee’s new crypto Trading Platform , McAfeeMagic, suffered a DDoS attack shortly after its launch this week, according to reports from Yahoo Finance.

A URL that is being used to spread a Monero mining botnet that bears a striking resemblance to a similar botnet created by the Outlaw hacking group has been identified by TrendMicro’s Security Intelligence Blog. So far, TrendMicro says that the botnet is still in its testing phase, although infection attempts have been attempted in China.

“Haiduc,” the group’s primary hacking tool (and the Romanian word for “outlaw”) is a Perl-based shellbot that exploits vulnerabilities in the Internet-of-Things.

While the group’s previous operation appeared to rely on Haiduc to search the internet for vulnerable systems that it could attack, the malware is reportedly primarily being spread through a malicious URL this time around. The URL contains a Monero-mining script as well as a backdoor-based exploit.

Once the URL has been accessed, or Haiduc has discovered a vulnerability, the botnet uses a brute force attack exploit to grant hackers with remote access over their victim’s systems. After the attackers have control, the malware downloads the cryptocurrency miner payload. If there is already cryptocurrency mining software installed on the system, the malware deletes it.

This kind of involuntary Crypto Mining , known as “cryptojacking,” brings hackers around the world over $250,000 worth of cryptocurrency per month, according to research by RWTH Aachen University in Germany.

DDoS For Hire

The bot is also reportedly “capable of launching distributed denial-of-service (DDoS) attacks, allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.”

DDoS attacks happen when multiple systems (i.e., bots or compromised computers) attempt to overwhelm the bandwidth of another targeted system (usually a website or web server). If the attack is successful, the system will be so overwhelmed that it will be inaccessible by anyone besides the person launching the attack.

DDoS attacks have been particularly common in the cryptosphere around token sales, when certain token buyers may want to prevent other buyers from having access to the tokens, or if a malicious actor wants to hurt the performance of a token sale for another reason.

John McAfee’s new crypto Trading Platform , McAfeeMagic, suffered a DDoS attack shortly after its launch this week, according to reports from Yahoo Finance.

About the Author: Rachel McIntosh
Rachel McIntosh
  • 1509 Articles
  • 55 Followers
About the Author: Rachel McIntosh
Rachel is a self-taught crypto geek and a passionate writer. She believes in the power that the written word has to educate, connect and empower individuals to make positive and powerful financial choices. She is the Podcast Host and a Cryptocurrency Editor at Finance Magnates.
  • 1509 Articles
  • 55 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}