Eset, a Slovakian software security firm and a major antivirus software supplier, has revealed that cyber criminals behind the Stantinko botnet have been distributing a Monero (XMR) cryptocurrency mining module through YouTube.
On November 26, Eset reported that the Stantinko botnet operators have expanded their criminal reach from click fraud, ad injection, social network fraud, and password-stealing attacks into installing crypto malware on victims’ devices by using YouTube.
The Stantinko botnet, which has been active since at least 2012 and predominantly targets users in Russia, Ukraine, Belarus, and Kazakhstan, reportedly uses YouTube channels to distribute its cryptojacking module, which mines the privacy-focused crypto coin Monero on the CPUs of unsuspecting victims.
This cryptocurrency-stealing malware has reportedly infected around 500,000 devices and is similar to the recently discovered Dexphot, malware that was discovered by Microsoft and has already infected more than 80,000 computers.
Likewise, these cryptojacking strains steal processing resources, take over legitimate system processes, and disguise the nefarious activity, with the ultimate goal of running a crypto miner on the infected devices.
A professional investigator going by the name of Serhack confirmed that the software distributed after the server was compromised was indeed malicious:
“I can confirm that the malicious binary is stealing coins. Roughly 9 hours after I ran the binary a single transaction drained the wallet. I downloaded the build yesterday around 6pm Pacific time.”
Source: welivesecurity.com | cointelegraph.com