Satori.Coin.Robber Malware Goes After Ethereum Mining

Posted on January 20, 2018 at 8:03 AM

Satori.Coin.Robber Malware Goes After Ethereum Mining

A new version of the notorious Satori malware has recently started targeting ethereum mining.

The notorious malware strain, known as Satori, has already been targeting security cameras, internet routers, and a host of other IoT devices for some time. However, a new family member of the Satori malware has been discovered which affects ethereum mining rigs. In December 2017, Satori was still discovered to focus on exploiting bugs on routers from manufacturers such as D-Link and Huawei. The malware, which is thought to be based on the former infamous Mirai botnet, has already targeted thousands of personal devices after exploiting security flaws on Realtek and Huawei routers.

According to security researchers from Qihoo 260 Netlab, the latest Satori malware strain is searching the web for Windows-based devices which runs the Claymore mining program and subsequently attacks them. Considering the similarities between the latest malware strain, and that of the Satori family, researchers believe that the hackers behind Satori are responsible for the latest attack campaign. The botnet, known as Satori.Coin.Robber was discovered on January 8and scans Ethereum mining rigs using management port 3333.

Once the malware has infiltrated and hijacked a device, they replace the miner’s wallet address with that of the hackers’. This means that all coins directed to the miner will instead be received by the hacker. So far, researchers have not yet confirmed how many devices have been affected by the malware. However, Dwarfpool confirms that the particular wallet address that is linked to the hackers so far only holds two coins, which currently equates to $2,160.

Satori.Coin.Robber operates by exploiting a feature on the Claymore software which enables a user to monitor mining remotely. However, this issue has already been addressed in the software provider’s update, version 10.2. According to the researchers, the hack abuses certain management actions on port 3333 which does not require password authentication.

Interestingly, a developer from the Satori team has contacted the Qihoo 360 Netlab researchers and stated that the particular bot had no malicious intent. However, users were still advised to make sure that their software is up to date to prevent any damages.

Summary
Satori.Coin.Robber Malware Goes After Ethereum Mining
Article Name
Satori.Coin.Robber Malware Goes After Ethereum Mining
Description
The notorious malware strain, known as Satori, has already been targeting security cameras, internet routers, and a host of other IoT devices for some time.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading