It is an open secret that part of the supply of the cryptocurrency Monero comes from illegal sources. In no other cryptocurrency is malware mining as rampant as in the privacy coin. According to a report by the IT security company Carbon Black, a well-known piece of malware in a new guise has infected at least 500,000 devices. Mining XMR without the knowledge of the device owners is only the tip of the iceberg.
An old acquaintance, in its latest incarnation, is currently causing trouble on at least 500,000 devices. A botnet is mining the cryptocurrency Monero (XMR) without the knowledge, let alone the consent, of the device owners. It is the Smominru botnet, which gained dubious fame at the beginning of last year. At that time, security researchers found that Smominru had “mined” XMR worth the equivalent of over 3.3 million US dollars in the last half of 2017. A recent report by IT security firm Carbon Black shows that the threat posed by Smominru has not yet been averted. On the contrary, the researchers discovered a previously unknown connection between Smominru and another botnet called MyKings.
Accordingly, the affected devices can not only be abused for XMR mining; their owners now also run the risk that access to their network will end up on the black market fully automatically. Malware mining serves as a façade behind which a greater danger is concealed: access mining.
Access mining is a tactic in which an attacker uses the footprint and distribution of commodity malware, in this case a crypto-miner, to hide an intention to sell system access to certain computers on the dark web. Access mining involves adding a remote access Trojan (RAT) to the commodity malware, collecting [access data], and offering this information in appropriate marketplaces.
More lucrative than Monero Malware Mining?
According to the analysts, access mining offers malicious actors a lucrative opportunity to earn money:
One of the most popular known access marketplaces […] offers over 35,000 access data for sale in different countries and for a variety of Windows operating systems. Prices […] are between 4 and 20 US dollars with an average selling price of 6.75 US dollars.
Using simple arithmetic, the analysts make the following rough calculation: if only half of the infected devices were sold, this would mean a turnover of 1.69 million US dollars. Whether this is more lucrative than continuing to silently mine XMR depends, of course, not least on the Monero price.
At the beginning of the year, researchers had estimated the share of XMR mined by malware at over 4.2 percent.