The powerful Satori botnet has resurfaced with a new target. According to several computer-security researchers, a swarm of zombie devices has been directed against mining rigs (cryptocurrency miners) that mine on the Ethereum blockchain.
According to 360 Netlab, a variant of the Satori botnet nicknamed “Satori.Coin.Robber” was spotted scanning for machines mining Ether, with the aim of stealing the cryptocurrency.
The researchers did not provide many details about how this malware operates, a precaution taken to prevent copycats from being built, but they nevertheless provided enough information to show that it is active and has successfully hit a good number of machines.
This specialized variant of the botnet, which at the time had infected hundreds of thousands of internet-connected devices by using manufacturers’ default credentials that had never been changed, has functions similar to those of the original version, but specifically searches for cryptocurrency mining machines.
These machines are relatively easy for the bot to identify. It looks for Windows devices with management port 3333 open, a Transmission Control Protocol (TCP) port that lets the machine connect to another host and exchange data streams; here it is used for Ethereum network communication.
The botnet is looking for equipment running the Claymore Miner software, a popular tool for Ethereum mining, the process that uses a machine’s computing power to solve the complex mathematical problems needed to confirm the validity of transactions on the Ethereum blockchain.
Once the botnet detects a system running Claymore Miner with port 3333 open and without password authentication enabled, which is the default configuration, it launches its attack to divert the rig’s resources.
As a first step, Satori collects information on the state of the rig. Then it replaces the wallet address on the host machine with the attacker’s. It then restarts the system with the new address, so that the Ether the machine mines is delivered to the attacker, leaving the victim running their mining equipment for someone else.
If you own a mining machine that uses Claymore Miner, it is strongly recommended to update the software and configure it to require a password.
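The two things a rig owner can check locally follow directly from the attack described above: whether the management interface on port 3333 is writable without a password, and whether the wallet address the miner was started with is still the expected one. The script below is an added example, not code from the article or from 360 Netlab. It audits a Claymore-style argument string (the same syntax used in Claymore’s config.txt); the `-ewal`, `-mport` and `-mpsw` flags, the default port 3333, and the convention that a negative `-mport` makes the interface read-only are taken from Claymore’s readme as I recall it, so verify them against your version. The pool host and wallet addresses are constructed sample values.

```python
import re
import shlex

# Constructed sample: the wallet you expect to be mining to (made-up value).
EXPECTED_WALLET = "0x1111111111111111111111111111111111111111"

# Constructed sample configs. The pool host and addresses are not real.
SAMPLE_SAFE = (
    "-epool eth-pool.example:4444 "
    "-ewal 0x1111111111111111111111111111111111111111 "
    "-mport -3333 -mpsw s3cret"          # read-only port, password set
)
SAMPLE_EXPOSED = (
    "-epool eth-pool.example:4444 "
    "-ewal 0x1111111111111111111111111111111111111111 "
    "-mport 3333"                        # writable port, no password (the default)
)
SAMPLE_SWAPPED = (
    "-epool eth-pool.example:4444 "
    "-ewal 0x2222222222222222222222222222222222222222 "   # wallet no longer ours
    "-mport 3333 -mpsw s3cret"
)

ETH_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")
# A flag is a dash followed by a letter; "-3333" is therefore a value, not a flag.
FLAG = re.compile(r"^-[A-Za-z][A-Za-z0-9]*$")


def parse_args(text):
    """Turn a Claymore-style argument string into {flag: value}.

    Lines starting with '#' are skipped (assumed config.txt comment convention).
    A flag not followed by a value maps to None.
    """
    tokens = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            tokens.extend(shlex.split(line, comments=True))
    opts = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if FLAG.match(tok):
            if i + 1 < len(tokens) and not FLAG.match(tokens[i + 1]):
                opts[tok] = tokens[i + 1]
                i += 2
                continue
            opts[tok] = None
        i += 1
    return opts


def audit(text, expected_wallet):
    """Return a list of findings; an empty list means nothing looked wrong."""
    opts = parse_args(text)
    findings = []

    # 1. Wallet integrity: the attack swaps -ewal for the attacker's address.
    wallet = opts.get("-ewal")
    if wallet is None:
        findings.append("no -ewal wallet configured")
    elif not ETH_ADDR.match(wallet):
        findings.append(f"-ewal is not a well-formed Ethereum address: {wallet}")
    elif wallet.lower() != expected_wallet.lower():
        findings.append(f"wallet changed: expected {expected_wallet}, found {wallet}")

    # 2. Management interface: absent -mport means the default 3333 (assumed);
    #    positive = writable, negative = read-only, 0 = disabled.
    raw_port = opts.get("-mport")
    try:
        mport = int(raw_port) if raw_port is not None else 3333
    except ValueError:
        mport = 3333
        findings.append(f"unparseable -mport value {raw_port!r}, assuming default 3333")
    if mport > 0 and not opts.get("-mpsw"):
        findings.append(f"management port {mport} is writable and has no -mpsw password")
    return findings


if __name__ == "__main__":
    for name, cfg in [("safe", SAMPLE_SAFE), ("exposed", SAMPLE_EXPOSED), ("swapped", SAMPLE_SWAPPED)]:
        print(name, audit(cfg, EXPECTED_WALLET) or ["OK"])
```

Run it against the contents of your own config.txt (or the command line shown by the process list) with your real wallet in `EXPECTED_WALLET`; a non-empty result on the wallet check is the post-compromise symptom the article describes, and a non-empty result on the port check is the precondition it exploits.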
The post Satori, the virus that attacks Ethereum Mining Rig appeared first on 9 to 5 Live.