Ethereum ETH Miner Malware

A new variant of the Satori botnet has sprung back to life, and this one is hacking into Claymore mining rigs and replacing the device owner's mining credentials with the attacker's own. The attacks started on January 8, a Qihoo 360 Netlab security researcher has told Bleeping Computer. Analysis of the malware's code suggests the same person behind the original Satori bot is behind this new wave as well.

Brief history of the Satori botnet

The Satori botnet appeared in early December 2017 and was a heavily modified version of the infamous Mirai IoT DDoS malware. Unlike the original Mirai, Satori did not use brute-force attacks to break into devices with default and weak credentials. Instead, it used exploit code to take over devices that had strong credentials but ran old firmware. The botnet scanned for ports 52869 (CVE-2014-8361 vulnerability in Realtek SDK-based devices) and 37215 (CVE-2017-17215 zero-day in Huawei routers).

Using just these two exploits, Satori amassed between 500,000 and 700,000 bots. Seeing the immediate danger, Internet security groups reacted and took down Satori's original C&C servers around mid-December, two weeks after Satori appeared.

Netlab spots Satori.Coin.Robber variant

Now, almost three weeks after the botnet went silent, Netlab researchers have spotted a new Satori variant. 'The infection speed is much slower,' Netlab researcher Li Fengpei told Bleeping Computer via email, 'so don’t be panic.' This new version keeps the old exploits, but also adds another one. The third exploit was a total surprise for researchers because, unlike previous Satori payloads, it did not target IoT and networking devices.

Instead, Satori scanned for and deployed exploit code specific to Claymore cryptocurrency mining software. Netlab did not publish details about the exploit code to avoid further abuse, but said Satori targets a vulnerability affecting the management interface of Claymore mining software that allows attackers to interact with the device without needing to authenticate. The attacker breaks in and changes the Claymore mining configuration to one of his own that mines Ethereum.

New pool: eth-us2.dwarfpool.com:8008
New wallet: 0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d

He also leaves a message behind, in case the device owner notices the break-in, claiming the modifications he made to the mining rig are not malicious (Spoiler: They are!).

Satori dev here, dont be alarmed about this bot it does not currently have any malicious packeting purposes move along. I can be contacted at curtain@riseup.net

At the time of writing, the Satori dev appears to have made (~ $980) in the past ten days just by hijacking other people's Claymore miners.

Owners are advised to review mining configurations and make sure they're running an updated version of the Claymore software. Netlab published a report earlier today analyzing this new Satori variant, which they named Satori.Coin.Robber.
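One way to carry out the configuration review advised above, as an added example that is not from the article or from Netlab: a Python audit that compares a miner config against the owner's own pool and wallet and against the pool and wallet quoted in this article. It assumes a Claymore-style `config.txt` of `-flag value` options (`-epool`, `-ewal`, `-mport`, `-mpsw`) with the semantics noted in the comments; the owner wallet, owner pool and both sample configs are constructed.

```python
import re

# Indicators quoted in the article above
IOC_POOL = "eth-us2.dwarfpool.com:8008"
IOC_WALLET = "0xB15A5332eB7cD2DD7a4Ec7f96749E769A371572d"

def parse_flags(text):
    """Collect '-flag value' pairs, ignoring blank and '#' comment lines."""
    flags = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            for m in re.finditer(r"(?<!\S)-([A-Za-z]\w*)\s+(\S+)", line):
                flags[m.group(1).lower()] = m.group(2)
    return flags

def wallet_of(value):
    """-ewal may carry a worker suffix (0x....rig1); keep only the address."""
    m = re.match(r"0x[0-9a-fA-F]{40}", value or "")
    return m.group(0).lower() if m else None

def audit(text, owner_wallet, owner_pools):
    """Return a sorted list of finding codes for one config file."""
    f = parse_flags(text)
    wallet = wallet_of(f.get("ewal"))
    # Drop an optional scheme prefix before comparing pool host:port
    pool = re.sub(r"^[\w+]+://", "", f.get("epool", "")).lower()
    found = set()
    if wallet == IOC_WALLET.lower():
        found.add("ioc-wallet")
    if wallet != owner_wallet.lower():
        found.add("wallet-mismatch")
    if pool == IOC_POOL:
        found.add("ioc-pool")
    if pool not in {p.lower() for p in owner_pools}:
        found.add("pool-mismatch")
    # Assumed: positive -mport = read-write management, negative = read-only,
    # 0 = disabled. An absent flag is not judged (default varies by version).
    m = re.fullmatch(r"-?\d+", f.get("mport", "0"))
    if m and int(m.group(0)) > 0:
        found.add("mgmt-read-write")
        if "mpsw" not in f:
            found.add("mgmt-no-password")
    return sorted(found)

# Constructed sample configs (owner wallet and pool are placeholders)
OWNER = "0x" + "11" * 20
CLEAN = f"# rig1\n-epool eth-eu.example.net:8008\n-ewal {OWNER}.rig1 -epsw x\n-mport -3333\n"
HIJACKED = f"-epool {IOC_POOL}\n-ewal {IOC_WALLET} -epsw x\n-mport 3333\n"
```

Any finding other than an empty list is a reason to inspect the rig; a wallet or pool mismatch matters even when it is not one of the indicators listed here.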

Other mining rig security incidents

Bitdefender noticed a wave of attacks that used default credentials to take over Ethereum mining rigs running ethOS.

Security expert Victor Gevers found over 3,000 Bitcoin mining rigs with Telnet ports exposed on the Internet and no passwords. Most devices were located in China.

Security researchers discovered a hidden backdoor in the firmware of Bitmain's Antminer mining rigs. The vulnerability was named Antbleed and Bitmain issued a firmware update to fix the problem.