• About
  • Advertise
  • Careers
  • Contact
Monday, February 6, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security Malware

The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions.

by Cyber360 News
November 11, 2019
in Malware
0
The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions.
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter

The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions.

Threat actors who previously targeted cryptocurrency wallets through Distributed Denial of Service (DDoS) attacks have now launched another malware loader to facilitate their botnet Trojan. This time, they have used the Smoke Loader tool along with the RIG exploit kit and have managed to infect around 152,000 hosts with the new malware loader, claim security researchers at Malwarebytes Labs.

See: Will good prevail over bad as bots battle for the internet?

In their blog post, researchers noted that the botnet has managed to achieve such an astoundingly high figure through two different distribution campaigns to drop ElectrumDoSMiner malware. It is worth noting that the attackers have managed to steal roughly $4.6 million by April.

Researchers at Malwarebytes state that it started off as a phishing campaign designed to trap users so that they download a malicious version of the wallet. The attacker(s) exploited a vulnerability in the Electrum software, which could steal funds from the victim’s wallet.

In February, the wallet developers used the same vulnerability for redirecting users to download the patched version of the software. However, they discovered the use of an undocumented loader called Trojan.BeamWinHTTP, which is responsible for downloading the ElectrumDoSMiner. Devices that have been infected with malware would become slow and the internet speed will also slow down because the device will join the army of botnets to carry out additional DDoS attacks.

“While these DDoS attacks have not been publicized much by mainstream media, they have undoubtedly caused millions of dollars in losses over the span of just a few months,” said Malwarebytes in its blog post.

 

New Electrum DDoS botnet steals $4.6 million after infecting 152,000 hosts

The main infrastructure hosting ElectrumDoSMiner binaries and configuration files – Image credit: Malwarebytes

The botnet is currently invading computers in the Asia Pacific and South American Region; the majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions.

“We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily,” Malwarebytes added.

It is quite concerning that by April 24, the number of infected devices was below the 100,000 marks but the very next day, it reached 152,000, while the number of infected hosts also keeps changing but on average it is over 100,000.

In their previous attacks, they used the Smoke Loader and RIG Exploit Kit for stealing funds. In that campaign, the malware was dropped through DDoS attacks and launch the ElectrumDoSMiner but the new campaign involves using a new malware dubbed Trojan.BeamWinHTTP.

See: Crypto exchange loses access to $145M after CEO dies without giving password

However, this malware can also download the ElectrumDoSMiner, which can be found on the system in a file titled transactionservices.exe. The ElectrumDoSMiner Trojan floods the Electrum nodes with requests so that the system gets infected and joins the army of botnets.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Cyber360 News

Cyber360 News

Next Post
Researchers believe the trojanized version of TeamViewer is being spread by a Russian speaking hacker.

Researchers believe the trojanized version of TeamViewer is being spread by a Russian speaking hacker.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In