Newly Discovered Botnet Infected Up to 5,000 Computers With a Monero Miner

Cisco researchers estimate the botnet may have earned its owner $5,000 worth of monero since it started operation four months ago.

AccessTimeIconJul 22, 2020 at 3:30 p.m. UTC
Updated Sep 14, 2021 at 9:34 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A highly sophisticated hacker has infiltrated thousands of computers and hijacked them to covertly mine the privacy coin monero.

  • Security intelligence firm Cisco Talos, part of U.S. tech giant Cisco Systems, said it discovered a botnet – a network of internet-connected devices – that had been active for months, in its report Wednesday.
  • Dubbed "Prometei," the botnet can disable security controls, copy across important files, and masquerade as other programs to set up covert mining operations in computer systems.
  • It also constantly reinvents its tools in order to avoid detection.
  • Since starting operation in early March, researchers estimate it has infected anywhere between 1,000 and 5,000 systems.
  • Prometei may have earned its owner approximately $5,000 worth of monero – around $1,250 per month, the report reads.
  • Cisco Talos doesn't know the identity of the hacker, but it is likely to be a single professional developer based somewhere in Eastern Europe.
  • It also found the botnet had also stolen credentials, such as administrator passwords, possibly to sell on the black market.
  • Monero is the cryptocurrency of choice for these attack vectors as it can be mined easily with general-purpose CPUs and can be traded with little risk of detection.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about