BSV
$53.53
Vol 30.7m
-1.54%
BTC
$95669
Vol 42658.86m
-1.71%
BCH
$448.33
Vol 338.02m
-1.61%
LTC
$101.08
Vol 803.17m
0.51%
DOGE
$0.31
Vol 4702.9m
-3.59%
Getting your Trinity Audio player ready...

In early December, 280,000 of these devil bots went live during a 12-hour period.

If you’re running some mining rigs, make sure to check your configurations regularly. Satori, a botnet known to target Internet of things (IoT) devices such as routers and security cameras is now targeting miners—inconspicuously switching the owner’s wallet address to one that belongs to the hacker, effectively robbing the miner of his coin earnings. This is unprecedented, according to a report by Netlab 360, since previous malware target information to infiltrate wallets themselves and rob funds from there.

“What really stands out is something we had never seen before, this new variant actually hacks into various mining hosts on the internet (mostly windows devices) via their management port 3333 that runs Claymore Miner software, and replaces the wallet address on the hosts with its own wallet address,” they wrote in a post last week.

The new strain of worm-style malware, dubbed Satori.Coin.Robber, is breaking into miners’ systems configuration through a vulnerability in the Claymore Miner software for Windows, and has been targeting ether (ETH) earnings. Eerily, the author of the malicious code even sends the infected miners a message in an attempt to steer them from purging out the malware.

ALERT: IoT malware Satori is targeting Ethereum miners and replacing their wallet addresses

Netlab 360 says that the malware was actually deployed en masse in December, with over 280,000 bots going live from different IP’s within a 12-hour period, which means there could be far more by now. Even more disturbingly, a report from ZDNet says that the malware code for the nasty botnet’s predecessor—which targets Huawei devices—was circulated like some giveaway over the holidays. Whether Satori.Coin.Robber was circulated, and how widely is yet to be known. But Netlab 360 says there was a spike in scanning activity consistent with the Coin Robber early January.

We will post an update on how to resolve the issue for those who are infected.

Recommended for you

Who wants to be an entrepreneur?
Embodying the big five personality traits could be beneficial for aspiring entrepreneurs, but Block Dojo shows that there is more...
December 20, 2024
UNISOT, PSU China team up for supply chain business intelligence
UNISOT revealed a new partnership with business intelligence and research firm PSU China, which will combine its data with UNISOT's...
December 20, 2024
Advertisement
Advertisement
Advertisement