Smominru Botnet Affects 500,000 Windows Machines

Smominru Botnet that is focused on Monero mining entrapped more than over 500,000 Windows machines all over the world.
By Casper Brown
Updated April 16, 2025
Windows

A new botnet, Smominru that is focused on mining Monero cryptocurrency entrapped more than over 500,000 Windows machines all over the world. By hitting the majority of government and corporate servers, it gives a resemblance to the WannaCry attack last year that hit more than 400,000 machines worldwide.

Monero Mining Software hits 500,000 Machines

With the increasing rate of cryptocurrency related hacking incidents, a botnet called Smominru has sprung up and affected over 500,000 Windows-based computer systems to date. A sinkholing operation has been conducted by the security researchers that discovered the fact that these machines are distributed worldwide. The highest numbers are present in India, Russia, and Taiwan.  

It has been believed that the majority of these affected computers are government and corporate servers. Moreover, the Monero miner also called Ismo has been spreading via EternalBlue, a National Security Agency-linked exploit that basically targets a vulnerability in the Server Message Block of Windows on port 445. That gives it a resemblance to other global attacks namely NotPetya and WannaCry.

The Monero payment address for Smominru’s associated hash powers divulges that the botnet here was about double the size of Adylkuzz. Adylkuzz is the first crypto mining botnet that abused EternalBlue.

Monero- a popular choice for hackers

It has been believed by the experts that this application could be making 24 Monero at maximum, per day. As per the reports, Smominru’s operators have already mined 8,900 Monero approximately that is somewhere between $2.8 million and $3.6 million.

Another mining server MineXMR was also contacted about the Monero address associated with Smominru. But the mining pool banned it. This led the botnet operators to work with new domains and use the same pool to mine but on a new address. It seems that this switch was the result of the operators losing control over the third bot.

As per a report:

“Because most of the nodes in this botnet appear to be Windows servers, the performance impact on potentially critical business infrastructure may be high, as can the cost of increased energy usage by servers running much closer to capacity. The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations.”

According to the reports of a security firm Talos that has studied botnets in the past with millions of victims:

“Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically.”

As more and more malwares are associated with it, it appears that Monero is the coin of choice for the hackers.

According to a report, there are millions of computers in Thailand and all over the globe that is currently being used to mine Monero through malware that too without the knowledge of the PC owners that are victimized.

What are your views on this situation? Do you think due to the pseudo-anonymous nature of cryptocurrencies, this will worsen over time? Let us know your thoughts in our comment section below! 

Advertisement
Casper Brown
I am an associate content producer for the news section of Coingape. I have previously worked as a freelancer for numerous sites and have covered a dynamic range of topics from sports, finance to economics and politics.
Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.