From the start, researchers described Stantinko as a complex threat, active at least since 2012. The malware is a modular trojan with backdoor functionality, and its code encryption and self-defense mechanisms have allowed Stantinko's operators to go unnoticed for many years.
Now ESET experts report that the still-active Stantinko has acquired a Monero cryptocurrency mining module, and CoinMiner.Stantinko has become another source of income for the botnet's operators.
“This module’s most notable feature is the way it is obfuscated to thwart analysis and avoid detection. Due to the use of source level obfuscations with a grain of randomness and the fact that Stantinko’s operators compile this module for each new victim, each sample of the module is unique,” ESET specialists report.
In addition, CoinMiner.Stantinko is based on the open-source miner xmr-stak. It does not communicate with the mining pool directly but through proxy servers, and it obtains their IP addresses from the description text of a YouTube video. Researchers recall that the Casbaneiro banker previously used a similar tactic.
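The YouTube-description dead drop described above leaves a recognisable trace on the endpoint: a process that is not a browser fetches a YouTube page and shortly afterwards connects to a bare IP address. The following is an added detection heuristic over constructed network-log lines; it is not ESET's code, and the log format, process names and addresses are assumptions made for this example.

```python
"""Toy detection heuristic for the YouTube dead-drop pattern (added example)."""
from datetime import datetime, timedelta
import re

# Processes that legitimately visit YouTube and then talk to arbitrary IPs.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com"}
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
WINDOW = timedelta(minutes=5)  # how soon after the YouTube fetch the IP contact must follow

# Constructed sample log: timestamp, process image, destination host, destination port.
SAMPLE_LOG = """\
2019-11-26T10:00:01 chrome.exe www.youtube.com 443
2019-11-26T10:00:05 svchost.exe www.youtube.com 443
2019-11-26T10:00:09 svchost.exe 203.0.113.7 443
2019-11-26T10:03:30 chrome.exe 198.51.100.4 443
2019-11-26T10:20:00 winlogon.exe www.youtube.com 443
"""


def parse(line):
    """Split one constructed log line into (timestamp, process, host, port)."""
    ts, proc, host, port = line.split()
    return datetime.fromisoformat(ts), proc.lower(), host.lower(), int(port)


def find_dead_drop_candidates(log_text, window=WINDOW):
    """Return (process, youtube_fetch_time, ip) for each suspicious sequence.

    A hit is a non-browser process that fetched a YouTube host and then, within
    `window`, connected directly to a bare IP address, which is how a dead-drop
    resolver would behave after reading a proxy address from a video description.
    """
    pending = {}  # process -> time it last fetched a YouTube page
    hits = []
    for raw in log_text.strip().splitlines():
        ts, proc, host, _port = parse(raw)
        if proc in BROWSERS:
            continue  # browsers do both steps all the time; ignore them
        if host in YOUTUBE_HOSTS:
            pending[proc] = ts
        elif IP_RE.match(host) and proc in pending and ts - pending[proc] <= window:
            hits.append((proc, pending[proc].isoformat(), host))
            del pending[proc]
    return hits


if __name__ == "__main__":
    for hit in find_dead_drop_candidates(SAMPLE_LOG):
        print("suspicious dead-drop sequence:", hit)
```

In the sample, only `svchost.exe` triggers: the browser lines are ignored and `winlogon.exe` never follows its YouTube fetch with an IP contact.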
CoinMiner.Stantinko is able to suspend other, competing crypto mining applications.
Stantinko also detects security software by scanning the running processes.
Interestingly, the Trojan is also quite cunning about when it suspends its own mining.
“CoinMiner.Stantinko temporarily suspends mining if it detects that there’s no power supply connected to the machine. This measure, evidently aimed at portable computers, prevents fast battery draining … which might raise the user’s suspicion,” say ESET researchers.
Researchers conclude that Stantinko continues to evolve and is unlikely to stop in the near future. The mining module is far from its only innovation: earlier, the malware “learned” to carry out dictionary attacks against sites based on Joomla and WordPress in order to collect credentials, which were probably resold to other criminals.