Smominru Malware Continues Infecting Thousands Daily

Smominru is a notorious botnet, first reported in 2017, that continues to infect thousands of computers across the globe every day. It adds more than 4,700 newly infected systems daily and infected more than 90,000 in August 2019 alone, which shows the scale of its destructive capability. The network supporting this malware relies on numerous dedicated servers, predominantly located in the US but also in countries such as Malaysia and Bulgaria.

The Post-Infection Phase

Once Smominru infiltrates a computer system, the post-infection phase begins. In this stage the malware carries out several tasks, each of which further cements its grip on the victim’s system. Firstly, it steals the victim’s credentials, providing access to potentially sensitive information and systems. Secondly, it installs a Trojan module and a cryptominer, effectively turning the computer into a tool for harvesting cryptocurrency. Lastly, it propagates within the network, spreading to other interconnected systems and so increasing its foothold and the potential damage it can cause.

The Resilience of Smominru

What makes Smominru particularly menacing is its resilience. Not only does it aggressively infect new systems, but it also has the ability to reinfect previous victims. Reportedly, approximately 25% of systems that had Smominru removed found themselves falling victim once again. This indicates that without comprehensive measures against the malware, it can persistently haunt former victims.

Victims and Targets

Smominru appears to cast a wide net in terms of target selection. Affected machines range from those belonging to universities to those in healthcare providers, indicating that the hackers behind this malware do not discriminate among targets. A significant majority, around 85%, of infections have occurred on Windows 7 and Windows Server 2008 systems. Naturally, the exact motive behind this malware is unknown, but a predominant theory suggests that the objective is to silently use the infected computers for mining cryptocurrency at the victim’s expense.

Country | Number of Attacks
China | High
Taiwan | High
Russia | High
Brazil | High
US | High

Malware and Botnets Explained

For those unfamiliar with the terms, malware is shorthand for malicious software designed to damage or disrupt a computer, server, or an entire network. It comes in many forms, including ransomware, spyware, worms, viruses, and Trojans – each with a unique set of capabilities and attack methods.

Similarly, the term botnet is short for ‘robot network’. It is essentially an army of infected computers that the attacker can control remotely to perform various nefarious activities. These can include sending spam, spreading viruses, or even staging DDoS (Distributed Denial of Service) attacks – all without the consent or knowledge of the computer’s owner.

The data used in this article was sourced from HBL.
