Starcraft fans use NSA exploits to mine XMR

According to F5 Network analysts, hackers were able to mine over $8000
19 December 2017   1960

Analysts of F5 Networks reported the detection of a malicious campaign for hacking servers running Windows and Linux. It was called Zealot (this term comes from popular videogame Starcraft.).

For attacks, unknown criminals use exploits from the arsenal of the US National Security Agency, published by the hacker group The Shadow Brokers. At the final stage of the infection, PowerShell is used, with the help of which a Monero crypto currency miner is installed on the compromised device. 

Analysts of F5 Networks note that an unknown group can replace Monero's miner at any time for any other malware.

Zealot seems to be the first Struts campaign using the NSA exploits to propagate inside internal networks. There were other malware campaigns like NotPetya and WannaCry ransomware, and also Adylkuzz cryptominer launching attacks by directly4 scanning the Internet for SMBs to exploit with the NSA tools the ShadowBrokers released. The Zealot campaign, however, seems to be opening new attack vector doors, automatically delivering malware on internal networks via web application vulnerabilities. The level of sophistication we are currently observing in the Zealot campaign is leading us to believe that the campaign was developed and is being run by threat actors several levels above common bot herders.

F5 Networks Research

Researchers managed to track several crypto-currency wallets of the group, which are used to output the enigmatic Monero. Currently, they contain about $ 8,500. At the same time, the income of the grouping can be much higher, since the attackers use a lot of wallets and experts admit that for certain not everyone was able to find out. to Mine for Charity

According to the calculations, if 10k computers will run the minning screensaver for 12 hours a day, the charity fund will receive $10k monthly
18 July 2018   146

Social platform for petitions announced the launch of a screensaver that mines Monero on users' computers. All tokens will be transferred to the charity fund of This is reported by Coindesk.

This initiative was launched in partnership with the marketing agency Tracelocke Brazil.

Representatives of report that the screensaver will consume resources only when users do not use the computer. According to their calculations, if 10 thousand computers will run the screensaver for 12 hours a day, the charity fund will be transferred $ 10 thousand monthly.

At the moment the program is available only for Windows users and the platform did not report on the release plans for the version for macOS.

Note that at the end of April, a similar action was launched by the Australian unit of the United Nations International Children's Emergency Fund; (UNICEF). The website "Page of Hope" mines Monero cryptocurrency.