Researchers have discovered a massive botnet that has taken over half a million Windows devices and turned them into cryptocurrency miners. The botnet has been dubbed “Smominru” and is powered by the NSA exploit EternalBlue.
The botnet peaked at 526,000 nodes and can regenerate itself which makes this botnet very powerful. It has mined 8,900 Monero which is roughly $2.8M-$3.6M USD. It has also been seen that infected hosts have been conducting attacks using EternalBlue and its worm-like capabilities to infect new victims in order to increase its size.
It is worth noting that attacks also have been happening due to EsteemAudit, which is “an exploit that leverages vulnerabilities in RDP on Windows Server 2003 and Windows XP.”
Cyber-security researchers have been able to take down roughly a third of the botnets, however, the operators behind the botnets have been able to recover. Russia, India and Taiwan have the highest number of infected machines, however, it is unclear who is behind the attack.