The Satori Botnet Is Mass-Scanning for Exposed Ethereum Mining Rigs

The operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who have observed the malicious behavior: SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.

More precisely, crooks are scanning for devices with port 3333 exposed online, a port typically used for remote management features by various kinds of cryptocurrency-mining equipment.

Scans have been happening for almost a week

The scans started on May 11, according to researchers from Netlab, the first to observe them, and the ones who tied the activity to the Satori botnet.

More details emerged a day later when GreyNoise analysts managed to demystify the scans and analyze the behavior on a compromised device.

GreyNoise says crooks were actively looking for equipment running the Claymore mining software.

"Once the attacker identifies a server running the Claymore software they push instructions to reconfigure the device to join the 'dwarfpool' mining pool and use the attacker's ETH wallet," GreyNoise says.

GPON routers used to scan and compromise mining rigs

GreyNoise also tied the scans to a group of IP addresses located in Mexico, on the networks of two ISPs that just a few days earlier had thousands of GPON routers compromised and attacked by five different botnets.

Based on the current evidence, Satori, one of the five botnets, was using the GPON routers to scan for Claymore miners, deploy an exploit, and hijack the devices to mine Ethereum and Decred cryptocurrencies for the Satori operators.

Yesterday, Netlab researchers published a blog post confirming GreyNoise's initial discovery.

"The source of this [port 3333] scan is about 17k independent IP addresses, mainly from Uninet SA de CV, telmex.com, located in Mexico," Netlab said.

More details emerged later in the evening, as Johannes B. Ullrich of SANS ISC also managed to identify the exploit used by the attackers, a remote code execution flaw (CVE-2018-1000049) affecting the Nanopool Claymore Dual Miner software, for which public proof-of-concept code exists online.

This isn't the first time we've seen intense scans for Ethereum mining rigs. A similar wave of scans happened last November.
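A defender's check for the activity described above, as an added example that is not from the original article or the researchers it cites: it reads firewall log lines, counts external sources probing TCP port 3333, and lists mining hosts where such a connection was allowed through. The log format, the `FW-ACCEPT`/`FW-DROP` prefixes, the management network and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

MINER_PORT = 3333  # management port named in the article
# Assumption: legitimate management traffic comes only from this network.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample in iptables LOG style; the FW-ACCEPT / FW-DROP
# prefixes and every address (documentation ranges) are made up.
SAMPLE_LOG = """\
May 12 03:14:07 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=3333 SYN
May 12 03:14:08 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.11 PROTO=TCP SPT=40113 DPT=3333 SYN
May 12 03:15:41 gw kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=198.51.100.77 DST=203.0.113.12 PROTO=TCP SPT=51820 DPT=3333 SYN
May 12 03:16:02 gw kernel: FW-ACCEPT IN=eth2 OUT=eth1 SRC=10.20.0.5 DST=203.0.113.12 PROTO=TCP SPT=33010 DPT=3333 SYN
May 12 03:16:30 gw kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=192.0.2.9 DST=203.0.113.10 PROTO=TCP SPT=44100 DPT=443 SYN
May 12 03:17:55 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=40990 DPT=3333 SYN
"""

LINE_RE = re.compile(
    r"(FW-ACCEPT|FW-DROP) .*?SRC=(\S+) DST=(\S+) .*?PROTO=TCP .*?DPT=(\d+)"
)


def review(log_text):
    """Return (probes, exposed) for traffic aimed at MINER_PORT.

    probes:  external source IP -> number of attempts seen
    exposed: destination IP -> sorted external sources that were accepted
    """
    probes = defaultdict(int)
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP firewall record we understand
        action, src, dst, dport = m.groups()
        if int(dport) != MINER_PORT:
            continue  # unrelated service
        if ipaddress.ip_address(src) in MGMT_NET:
            continue  # expected management traffic
        probes[src] += 1
        if action == "FW-ACCEPT":
            exposed[dst].add(src)  # the port was reachable from outside
    return dict(probes), {d: sorted(s) for d, s in exposed.items()}


if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Any host that appears in the second result had its management port reachable from outside the management network and should be firewalled and have its pool and wallet settings verified.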
