Smominru Hidden Miner Infected Over 500k PCs

Smominru uses leaked National Security Agency exploit and mines Monero
02 February 2018

An exploit of the US National Security Agency (NSA) allowed the Smominru botnet, which mines XMR, to infect more than 526,000 personal computers. This was reported by Hacker News.

Researchers from the cybersecurity company Proofpoint discovered a new global botnet called Smominru, also known as Ismo. It mines the Monero cryptocurrency and spreads using the EternalBlue exploit, which was allegedly developed by the NSA.

The EternalBlue exploit was leaked online as a result of the actions of the hacker group Shadow Brokers, which is also responsible for the creation of the WannaCry ransomware.

The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations. Given the significant profits available to the botnet operators and the resilience of the botnet and its infrastructure, we expect these activities to continue, along with their potential impacts on infected nodes.

Proofpoint Researchers

The Smominru botnet has been infecting computers since May 2017 and mines around 24 XMR daily. To date, the botnet has mined around 8900 XMR, worth a total of $2.1 million. The largest numbers of PCs infected with Smominru are in Russia, India and Taiwan.

The cybercriminals targeted a vulnerable version of Windows. They also used another NSA exploit called EsteemAudit.

According to the Hacker News, experts noted that the infrastructure for managing Smominru was detected on SharkTech, a DDoS protection service, but they have so far failed to get a response from its representatives.

Monero to Preserve Its ASIC Resistance

On Sunday, Monero developers published a development update on PoW change and key reuse
14 February 2018

The development update addressed a recurring question among altcoins that can currently be mined profitably with GPU hardware: how to respond to the threat that a mining rig manufacturer will develop an ASIC miner built to mine Cryptonight.

The Monero developers are going to protect the network’s ASIC resistance by modifying its PoW algorithm at each scheduled hard fork. The hard fork occurs two times per year. XMR users will not notice these changes. Each change will alter the network’s hashing algorithm, so Cryptonight ASIC miners would have to follow it at every fork.

However, if these scheduled PoW forks are not enough to disincentivize the development of ASIC miners for Cryptonight, Monero will modify its PoW algorithm at an unscheduled fork in order to prevent any potential threat from ASICs.

According to the development update, this stance will ensure that Monero mining remains relatively democratic and decentralized, at least until such time as the same can be said of the ASIC mining industry. The developers believe that any transition to an ASIC-dominated network needs to be as egalitarian as possible in order to foster decentralization.

Currently, the ASIC market is dominated by the Chinese manufacturer Bitmain. This means it would be simple for governments to force companies like it to build “kill switches” into the miners or to sell rigs only to customers who obtain special government licenses. By contrast, GPU miners rely on general-purpose computer chips, which makes any attempt by regulators to force miners to acquire government-issued licenses impossible.

The first PoW adjustment will be implemented at the network’s next hard fork, which is currently scheduled for March.