The threat intelligence team at Cisco Systems says it has discovered a new botnet that mines Monero and steals data from unsuspecting victims. The crypto-jacking botnet, known as ‘Prometei’, both mines Monero (XMR) and exfiltrates large amounts of data from the systems it targets.
The botnet has been active since May, according to a report shared with reporters. It relies mainly on 15 executable modules to recover administrator passwords from the infected computer.
The stolen passwords are validated by sending them to a central command-and-control server, which is connected to other networks. Once the malware has obtained administrative rights on a system, it proceeds to record all the data contained on that system.
Based on Cisco Talos estimates, the botnet may comprise up to 10,000 infected systems at any given time. The botnet is still operating, with a combined hash rate of at least 1 MH/s (one million hashes per second).
Speaking to reporters, Cisco Talos researcher Vanja Svajcer said that Prometei earns its owner almost $1,500 every month. He stressed that although this does not sound like much compared with other quoted figures, it is comfortably above the average salary in many countries. He explained:
“Stealing credentials is the most dangerous part of the Prometei botnet. You could consider the attacker with its bot to be a burglar in your home. Naturally, the burglar searches all the drawers and finds various keys. They take the keys with them and ask somebody else (another infected system) to check if any of the keys work on your car, safe deposit box, etc. When criminals break into a house, it opens up a whole new set of opportunities. It is very similar with this botnet.”
The research indicates that Prometei makes a moderate profit for a single developer who is most likely based in Eastern Europe. Recently, reports have emerged of malware that exploits common vulnerabilities in the Windows operating system in order to mine Monero.