Newly Discovered Botnet Infected Up to 5,000 Computers With a Monero Miner

Cisco researchers estimate the botnet may have earned its owner $5,000 worth of monero since it started operation four months ago.

AccessTimeIconJul 22, 2020 at 3:30 p.m. UTC
Updated Sep 14, 2021 at 9:34 a.m. UTC

A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.

  • Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said it discovered a botnet – a network of internet-connected devices – that had been active for months, in its report Wednesday.
  • Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.
  • It also constantly reinvents its tools in order to avoid detection.
  • Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.
  • Prometei may have earned its owner approximately $5,000 worth of monero – around $1,250 per month, the report reads.
  • Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.
  • It also found the botnet had also stolen credentials, such as administrator passwords, possibly to sell on the black market.
  • Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.

Read more about


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.