Leading cybersecurity firm Carbon Black announced on Thursday that hackers are using a new component, in combination with a 2018 Monero crypto-mining botnet, to seize metadata.
The attack, which combines the well-known crypto-mining botnet with the new metadata-collecting software, is classified as “Access Mining.” The discovery indicates a more significant trend of commodity malware evolving to mask a darker purpose.
Per the report, the hackers use the new tactics to breach system databases and capture confidential information such as IP addresses, usernames, and passwords.
According to the report, about 500,000 computers were affected by the Monero crypto-jacking mining protocol, XMRig, which collected 8,900 Monero. Most of the victims reside in Eastern Europe, Russia, and the Asia-Pacific region.
The metadata-collecting software is described as a patchwork of programs taken from open-source code on GitHub, including EternalBlue and Mimikatz. The mining hackers modified the program on XMRig, enabling them to innovate successfully.
The report further notes that information derived from this process is sold on the dark web. In other words, the anonymous mining hackers are probably turning to metadata seizures as a secondary source of income.
Carbon Black researchers Marian Liang and Greg Foss further emphasize that the botnet campaign has collected the data for the past two years, generating millions for the malware actors.
A single infected machine could sell for an average of $6.75 on dark web markets, per the report. Hence, the 500,000 machines are calculated to be worth $1.69 million.
Carbon Black further said the group’s assets sit near $3.29 million, at $9,000 per Monero coin. The hackers also rent out the infected machines for 24 to 48 hours as a source of passive income, although this depends on the machine’s owner, location, and value.
Foss and Liang added that “Access Mining” could be a reason for dropping Monero prices following the 2018 bear market. As a result, cybersecurity professionals are likely to change the way they classify, investigate, and protect themselves from these threats.