Posted   |     |   ethereum

The Satori Botnet Is Mass-Scanning for Uncovered Ethereum Mining Rigs

Ethereum logos

The operators of the Satori botnet are mass-scanning the Web for uncovered Ethereum mining rigs, according to three resources in the infosec local community who’ve noticed the malicious habits —SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.

Extra exactly, crooks are scanning for gadgets with port 3333 uncovered online, a port usually employed for remote management characteristics by a massive variety of cryptocurrency-mining gear.

Scans have been using place for practically a week

The scans started on Could eleven, according to scientists from Netlab, the to start with to notice them, and the kinds who tied their exercise to the Satori botnet.

Extra particulars emerged a day afterwards when GreyNoise analysts managed to demystify the scans and examine the habits on a compromised product.

RELATED:  ICO Scams, Antsy Enterprises and Massive Hacks: This Week in Crypto

GreyNoise suggests crooks have been actively wanting for gear running the Claymore mining software package.

“When the attacker identifies a server running the Claymore software package they force guidance to reconfigure the product to be a part of the ‘dwarfpool’ mining pool and use the attacker’s ETH wallet,” GreyNoise suggests.

GPON routers employed to scan and compromise mining rigs

GreyNoise also tied the scans to a team of IP addresses positioned in Mexico, on the networks two ISPs that just a few days before experienced countless numbers of GPON routers compromised and attacked by five unique botnets.

RELATED:  Bitcoin, Ethereum Direct Crypto Industry Decreased as Trade Volumes Plunge

Based mostly on…

Read more…


No media yet. 

No comments yet.

Commenting is limited to those invited by others in the community
or learn more.


Add to Collection