According to a report by Carbon Black, a cyber-security company, hidden-mining scammers also make money collecting secure data.
According to the report, the well-known Access Mining hidden mining botnet contains an additional component that can collect IP addresses, domain information, usernames and passwords. Carbon Black researchers Greg Foss and Marian Liang say the botnet has been collecting sensitive data for the past two years, earning millions.
According to reports, 500,000 vehicles were attacked by Trojans using the XMRig covert mining protocol, resulting in scammers receiving 8,900 XMRs. Most of the infected machines were in Russia, Eastern Europe and the Asia-Pacific region.
During this period, 500,000 computers were hacked not only using the Ghost protocol, but also data collection software. The report said that many programs taken on GitHub, such as Eternal Blue and Mimikatz, and implemented in XMRig, helped hackers update their software.
Hackers have turned secure data collection into a secondary source of revenue. Despite the fact that one infected machine generates an average of $ 6.75, 500,000 devices can earn $ 1.69 million. Infected devices can even be rented for 24-48 hours as a source of passive income for hackers. Depending on the location and owner of the computer, the value of the device may vary.
Foss and Liang say that the appearance of Access Mining is most likely the result of a fall in Monero prices after the 2018 bear market. Following their report, the firm released a series of tips to solve potential problems.
Hidden cryptocurrency mining is a common problem. Recently, information appeared that hackers use cloud services for hidden cryptocurrency mining, and in June of this year it became known that more than 50,000 servers around the world were hacked. It was reported that the servers were infected with malware for hidden cryptocurrency mining.