Smominru Botnet Affects 500,000 Windows Machines

Smominru Botnet Affects 500,000 Windows Machines
Smominru Botnet Affects 500,000 Windows Machines

Smominru Botnet Affects 500,000 Windows Machines

A new botnet, Smominru that is focused on mining Monero cryptocurrency entrapped more than over 500,000 Windows machines all over the world. By hitting the majority of government and corporate servers, it gives a resemblance to the WannaCry attack last year that hit more than 400,000 machines worldwide.

Monero Mining Software hits 500,000 Machines

With the increasing rate of cryptocurrency related hacking incidents, a botnet called Smominru has sprung up and affected over 500,000 Windows-based computer systems to date. A sinkholing operation has been conducted by the security researchers that discovered the fact that these machines are distributed worldwide. The highest numbers are present in India, Russia, and Taiwan.  

It has been believed that the majority of these affected computers are government and corporate servers. Moreover, the Monero miner also called Ismo has been spreading via EternalBlue, a National Security Agency-linked exploit that basically targets a vulnerability in the Server Message Block of Windows on port 445. That gives it a resemblance to other global attacks namely NotPetya and WannaCry.

The Monero payment address for Smominru’s associated hash powers divulges that the botnet here was about double the size of Adylkuzz. Adylkuzz is the first crypto mining botnet that abused EternalBlue.

Monero- a popular choice for hackers

It has been believed by the experts that this application could be making 24 Monero at maximum, per day. As per the reports, Smominru’s operators have already mined 8,900 Monero approximately that is somewhere between $2.8 million and $3.6 million.

Another mining server MineXMR was also contacted about the Monero address associated with Smominru. But the mining pool banned it. This led the botnet operators to work with new domains and use the same pool to mine but on a new address. It seems that this switch was the result of the operators losing control over the third bot.

As per a report:

“Because most of the nodes in this botnet appear to be Windows servers, the performance impact on potentially critical business infrastructure may be high, as can the cost of increased energy usage by servers running much closer to capacity. The operators of this botnet are persistent, use all available exploits to expand their botnet, and have found multiple ways to recover after sinkhole operations.”

According to the reports of a security firm Talos that has studied botnets in the past with millions of victims:

“Talos has observed botnets consisting of millions of infected systems, which using our previous logic means that these systems could be leveraged to generate more than $100 million per year theoretically.”

As more and more malwares are associated with it, it appears that Monero is the coin of choice for the hackers.

According to a report, there are millions of computers in Thailand and all over the globe that is currently being used to mine Monero through malware that too without the knowledge of the PC owners that are victimized.

What are your views on this situation? Do you think due to the pseudo-anonymous nature of cryptocurrencies, this will worsen over time? Let us know your thoughts in our comment section below! 

View comments
Casper Brown 167 Articles

I am an associate content producer for the news section of Coingape. I have previously worked as a freelancer for numerous sites and have covered a dynamic range of topics from sports, finance to economics and politics.

Follow Casper @