A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.
- Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said it discovered a botnet – a network of internet-connected devices – that had been active for months, in its report Wednesday.
- Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.
- It also constantly reinvents its tools in order to avoid detection.
- Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.
- Prometei may have earned its owner approximately $5,000 worth of monero – around $1,250 per month, the report reads.
- Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.
- It also found the botnet had also stolen credentials, such as administrator passwords, possibly to sell on the black market.
- Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.
See also: Hackers Plant Crypto Miners by Exploiting Flaw in Popular Server Framework Salt