Recently, ESET specialists discovered the Mispadu banking Trojan, and today the antivirus company shared
What is known
The botnet in question is Stantinko. It installs the CoinMiner module on computers, which mines the Monero cryptocurrency. Its main feature is how carefully it hides from detection, which it achieves because the attackers compile unique code for each victim. In addition, CoinMiner does not communicate with the mining pool directly, but through a proxy whose IP addresses are obtained from the descriptions of videos on YouTube. The module also scans the processes running on the computer and detects antivirus programs.
During mining, it uses most of the device's resources. To avoid arousing the user's suspicion, CoinMiner analyzes activity and suspends mining, for example when a laptop is running on its built-in battery rather than mains power.
Recall that the attackers previously used the Stantinko botnet for advertising fraud. Over five years, it infected about 500,000 computers in Ukraine, Belarus, Kazakhstan and Russia.