
Smominru botnet infects over half a million servers to mine Monero

The Smominru botnet has succeeded in infecting more than half a million Windows servers through the NSA’s EternalBlue exploit, and has been used to mine Monero.

According to a new report by ZDNet, more than half a million Windows servers – some 526,000, by estimates – have been hijacked by a cryptocurrency miner botnet dubbed Smominru that has been used to mine some 8,900 XMR to date.

The Smominru botnet leverages a familiar weakness, making use of the US National Security Agency’s EternalBlue exploit that is perhaps most infamously remembered for its role in the WannaCry attacks in early 2017.

ZDNet reports that the majority of affected servers are apparently located in Russia, India, and Taiwan, and have been specifically targeted for their processing power.

At the time of writing, various foundations have attempted to curb the botnet’s progress: organisations such as and the ShadowServer Foundation, in conjunction with Proofpoint, have tried to reduce the botnet’s reach with a technique called ‘sinkholing’, but thus far no attempt has made major headway in stemming the proverbial tide.

A new trend

Just last month, a new report from TrendMicro revealed that hackers successfully leveraged vulnerabilities in Google’s DoubleClick ad platform to mine Monero.

In that case, hackers leveraged CoinHive – a JavaScript program which, when hidden on a website, can use a computer’s processing power to mine Monero – and distributed the malware through DoubleClick.

Moves have similarly been made, however, to introduce new anti-cryptocurrency mining tools to web browsers.

Opera recently announced that it has moved to add cryptocurrency mining protection as a standard feature across all its mobile browsing platforms, and the firm’s new anti-cryptocurrency mining feature will now be activated by default on both Opera Mini and Opera for Android, giving its users some peace of mind while browsing the web.

Opera revealed that malware that propagates non-consensual cryptocurrency mining is estimated to affect over one billion users around the world, while some three million websites are further predicted to have been exposed to ‘cryptojacking’ scripts.

Follow Bryan Smith on Twitter: @bryansmithSA