Smominru Hidden Miner Infected Over 500k PCs

Smominru uses leaked National Security Agency exploit and mines Monero
02 February 2018

An exploit attributed to the US National Security Agency (NSA) allowed the Smominru botnet malware, which mines XMR, to infect more than 526,000 personal computers, Hacker News reports.

Researchers from the cybersecurity company Proofpoint discovered a new global botnet called Smominru, also known as Ismo. It mines the Monero cryptocurrency and spreads using the EternalBlue exploit, which was allegedly developed by the NSA.

The EternalBlue exploit was leaked online by the hacker group Shadow Brokers, which is also responsible for the creation of the WannaCry ransomware.

The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes.

Proofpoint Researchers

Smominru has been infecting computers since May 2017 and mines around 24 XMR daily. To date, the botnet has mined around 8900 XMR, worth a total of $2.1 million. The largest numbers of PCs infected with Smominru are in Russia, India and Taiwan.

The cybercriminals targeted a vulnerable version of Windows. They also used another NSA exploit called EsteemAudit.

According to the Hacker News, experts noted that the infrastructure for managing Smominru was detected on the DDoS protection service SharkTech, but attempts to get a response from its representatives have so far failed.

Billionaire's Wife Kidnappers to Demand €9M Worth of XMR

Anna-Elizabeth Falkievik Hagen was allegedly abducted from her home, although the law enforcement agencies found no sign of hacking
10 January 2019

In late October, the wife of one of the wealthiest entrepreneurs in Norway, Tom Hagen, was kidnapped. The kidnappers are demanding a ransom of €9 million in Monero, according to Norway Today.

Anna-Elizabeth Falkievik Hagen, 68, was allegedly abducted from her home, although law enforcement agencies found no sign of hacking. A ransom note was also found there.

Interpol and Europol are involved in the investigation of the Falkievik case, and the abduction was kept secret for a long time for security reasons.

Today, January 9, the police confirmed that Falkievik was abducted and that communication with the criminals takes place exclusively through some kind of "electronic platform". In addition, in December, the kidnappers could not provide evidence that she was still alive.

The Falkievik case is probably the first in Norway in which a ransom has been demanded in cryptocurrency. Nevertheless, the police recommended that the kidnappers' demands not be met.

Tom Hagen is the founder of Elkraft AS, a power supply company. His fortune is estimated at 1.7 billion NOK (€170 million).

Earlier, employees of the local prosecutor's office in Kiev and the National Police of Ukraine detained two suspects accused of stealing a miner in March of this year and stealing $50,000.

They now face up to 15 years of imprisonment for robbery committed by a group of individuals by prior conspiracy, infiltration and theft on a particularly large scale.