Insecure Internet-connected devices have aided different types of cybercrime for years, the most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well.

Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become a rapidly spreading computer virus that now infects over 90,000 machines each month around the world.

Though the campaigns that are hacking computers with the Smominru botnet have not been designed to go after targets with any specific interest, the latest report from Guardicore Labs researchers sheds light on the nature of the victims and the attack infrastructure.

According to the researchers, just last month, more than 4,900 networks were infected by the worm without any discrimination, and many of these networks had dozens of internal machines infected.

Infected networks include US-based higher-education institutions, medical firms, and even cybersecurity companies, with the largest network belonging to a healthcare provider in Italy with a total of 65 infected hosts.

Active since 2017, the Smominru botnet compromises Windows machines primarily using EternalBlue, an exploit that was created by the U.S. National Security Agency, later leaked to the public by the Shadow Brokers hacking group, and then most famously used in the hard-hitting WannaCry ransomware attack in 2016.

The botnet has also been designed to gain initial access to vulnerable systems by simply brute-forcing weak credentials for different Windows services, including MS-SQL, RDP, and Telnet.
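
An added example (not from the original article or from Guardicore's report) of how a defender might spot the brute-force activity described above: it counts failed logins per source and service in a sliding window and marks a successful login that lands during a burst. The normalized log format, the threshold and the window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed normalized form:
# timestamp, source IP, service, outcome.
SAMPLE_EVENTS = """\
2019-09-18T10:00:00 203.0.113.7 mssql FAIL
2019-09-18T10:00:02 203.0.113.7 mssql FAIL
2019-09-18T10:00:04 203.0.113.7 mssql FAIL
2019-09-18T10:00:06 203.0.113.7 mssql FAIL
2019-09-18T10:00:08 203.0.113.7 mssql FAIL
2019-09-18T10:00:10 203.0.113.7 mssql OK
2019-09-18T10:01:00 203.0.113.7 rdp FAIL
2019-09-18T10:01:01 203.0.113.7 rdp FAIL
2019-09-18T10:01:02 203.0.113.7 rdp FAIL
2019-09-18T10:01:03 203.0.113.7 rdp FAIL
2019-09-18T10:01:04 203.0.113.7 rdp FAIL
2019-09-18T10:05:00 198.51.100.20 rdp FAIL
2019-09-18T10:20:00 198.51.100.20 rdp FAIL
2019-09-18T10:20:30 198.51.100.20 rdp OK
"""

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: {service: "burst" | "burst+login"}}."""
    recent = defaultdict(deque)   # (src, service) -> failure times in window
    findings = defaultdict(dict)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines
        ts, src, service, outcome = parts
        when = datetime.fromisoformat(ts)
        fails = recent[(src, service)]
        # Drop failures that have fallen out of the sliding window.
        while fails and when - fails[0] > window:
            fails.popleft()
        if outcome == "FAIL":
            fails.append(when)
            if len(fails) >= threshold:
                findings[src].setdefault(service, "burst")
        elif outcome == "OK" and len(fails) >= threshold:
            # Success during a failure burst: a password was likely guessed.
            findings[src][service] = "burst+login"
    return dict(findings)

def multi_service_sources(findings):
    """Sources that hammered more than one service (worm-like behaviour)."""
    return sorted(src for src, svcs in findings.items() if len(svcs) > 1)
```

A source flagged `burst+login` deserves immediate credential rotation and host triage; one that appears in `multi_service_sources` is probing several exposed services at once.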

News link: https://thehackernews.com/2019/09/smominru-botnet.html