ESET experts recently discovered the Mispadu banking Trojan, and today the antivirus company has shared
What is known
This concerns the Stantinko botnet. It installs a CoinMiner module on computers, which mines the Monero cryptocurrency. Its main feature is its ability to carefully hide from detection. This is because the attackers compile unique code for each victim. In addition, CoinMiner does not communicate with the mining pool directly, but through proxies whose IP addresses are obtained from the descriptions of YouTube videos. The module also scans the processes running on the computer and detects antivirus programs.
During mining, it uses most of the device's resources. Therefore, to avoid arousing the user's suspicion, CoinMiner analyzes activity and pauses its own work, for example when a laptop is running on its built-in battery rather than on mains power.
Recall that attackers previously used the Stantinko botnet for advertising fraud. In five years, it has infected about 500,000 computers in Ukraine, Belarus, Kazakhstan and Russia.