Cisco Systems Warns Cryptojacking Botnet Mining Monero (XMR) Is Also Stealing User Data

Cisco Systems threat intelligence team has released a warning regarding a newly discovered Monero Mining crypto-jacking botnet called “Prometei.” The notice stated that the botnet not only mines Monero using targeted computer’s resources but also steals data from the system.

The warning revealed that the botnet has been active since May and relies on 15 executable modules to steal administrator passwords from the targeted systems. Once the malware gets access to the system, it steals all available data from the computer system.

Cisco Systems also revealed that the malware is very much active today and has infected thousands of systems. The malware is capable of containing up to 10,000 systems at any given point, which is evident from the high hash generating a frequency of 1M Hash/sec (million hashes per second).

Talking about how impactful the Monero mining botnet is, Vanja Svajcer, a researcher at Cisco Talos, revealed that the botnet generates revenue of around 1500 USD per month for its owners. While this may not seem profitable to many, the amount is ten times more than the average monthly salary in many countries. Apart from that, it also costs a significant amount of time for the computer owners whose system is used to mine Monero. Svajcer explained how the botnet is harmful:

“Stealing credentials is the most dangerous part of the Prometei botnet. You could consider the attacker with its bot being a burglar in your home. Naturally, the burglar searches all the drawers and finds various keys. They take keys with them and ask somebody else (another infected system) to check if any of the keys work on your car, safe deposit box, etc. When criminals break into a house, it opens up a whole new set of opportunities. It is very similar to this botnet.”

The intelligence researchers at Cisco also believe the creator of the botnet is somewhere in Eastern Europe. For a single individual, the amount generated by the botnet should be enough as extra pocket money.

Cryptojacking malware attacks have been one of the long-running nuisances without any permanent solutions along with ransomware attacks. While ransomware attacks are quite aggressive where the hacker directly demands a ransom, cryptojacking is kind of a passive attack where the target computer owner, in most cases, won’t even realize that their system has been compromised.