A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.
- Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said it discovered a botnet – a network of internet-connected devices – that had been active for months, in its report Wednesday.
- Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.
- It also constantly reinvents its tools in order to avoid detection.
- Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.
- Prometei may have earned its owner approximately $5,000 worth of monero – around $1,250 per month, the report reads.
- Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.
- It also found the botnet had also stolen credentials, such as administrator passwords, possibly to sell on the black market.
- Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.