Hackers transmit cryptomining malware across Windows systems

by Don Sharpe

  • Botnet Prometei is one of the latest cryptojacking tools for Windows systems.
  • Hackers deploy the botnet to breach Windows PCs and mine the Monero cryptocurrency.
Windows SMB exploit

There’s a new strain of cryptomining malware in town, and it’s infecting Windows systems!

Cryptomining should be good, legitimate business. But its computing-power requirements rarely justify the investment.

So, how do those that like to reap where they haven’t sown in the world of IT respond to this setback? They come up with a devious way to mine and make money off it—cryptojacking!

And botnet Prometei is one of the latest tools for the illegitimate cryptojacking work.

Cryptomining malware exploits Windows SMB vulnerability

Research firm Cisco Talos discovered botnet Prometei, which hackers created to infiltrate Windows systems and mine the Monero cryptocurrency.

The botnet has multiple components that serve different key purposes in the entire illegitimate operation.

For starters, Prometei includes code for propagating itself across Windows systems belonging to unsuspecting parties. In addition, it deploys the cryptomining malware each time it breaches a system.

The botnet also contains code for breaching Windows security controls. The main job of this malware component is to steal admin credentials and take advantage of Windows Server Message Block (SMB) and Remote Desktop Protocol (RDP) vulnerabilities.

The hacker even uses specially crafted scripts to accelerate the spread of the cryptomining malware.

The actor employs various methods to spread across the network, like SMB with stolen credentials, psexec, WMI and SMB exploits. The adversary also uses several crafted tools that help the botnet increase the number of systems participating in its Monero-mining pool.

This specific actor partly relies on brute-force attacks to breach systems before planting cryptomining malware. You can defend your system against such a threat by using strong passwords and by locking accounts after too many successive login failures.

Also, be sure to take care of the basics, which include installing anti-malware or antivirus solutions on your Windows 10 systems.

Ever been a victim of cryptomining malware? How did you resolve the issue? You can share your solutions or ask any questions in the comments section below.