Posted   |     |   thehodllife

Satori Botnet Scouring the Web for Open Ethereum Mining Rigs

With increasing crypto prices comes a rising tide of cybercrime and pernicious elements looking to exploit the gains of others. Even though markets are currently still falling from their peak in January, Ethereum is still a hot commodity trading at around $675, up over 600% from this time last year.

Unsecured mining rigs have become the latest targets for a botnet that is sweeping the internet. According to security researchers at SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence, operators of the Satori botnet are mass-scanning the web for exposed mining rigs. The hackers are specifically looking for open port 3333 which is often used for remote management features by cryptocurrency-mining hardware.

RELATED:  Japan’s Largest Bank and Cloud Delivery Giant Akamai Announce Blockchain Payment Network

Reports indicate that the activity started on May 11, as alerted by China-based 360 Netlab;

GreyNoise researchers delved deeper into the spurious activity and managed to connect the digital dots to the Claymore mining software;

“GreyNoise observed a large spike of TCP port 3333 scan traffic today. This is the default port for the “Claymore” dual Ethereum/Decred cryptocurrency miner. Once the attacker identifies a server running the Claymore software they push instructions to reconfigure the device to join the ‘dwarfpool’ mining pool and use the attacker’s ETH wallet,”

The scans were linked to a group of Mexican IP addresses that had thousands of GPON routers compromised a few days ago. Satori is one of five botnets that were using the exploited routers to scan for Claymore miners, deploy an exploit, and hijack the devices to mine Ethereum and Decred cryptocurrencies for the botnet operators.

RELATED:  Iran and Russia Consider Using Cryptocurrency to Evade US Sanctions: Report

According to Zdnet the bugs allowed anyone to bypass the router’s login page and access pages within, simply by adding…

Read more…


No media yet. 

No comments yet.

Commenting is limited to those invited by others in the community
or learn more.


Add to Collection