InsideBitcoins.com

Crypto Mining Botnet Holds Clever Tactics, As Revealed By Researchers


The group of cybercriminals behind the Stantinko crypto mining botnet has recently adopted some rather effective techniques for keeping its malware hidden from security software and from the users whose machines it runs on.

Showing Due Respect To Threats

Vladislav Hrčka, a malware analyst at the cybersecurity firm ESET, could not hide how impressed he was as he presented his firm's latest findings. In a recent blog post, ESET described what it had discovered about the Stantinko botnet and proposed countermeasures. Hrčka stated that the botnet is continually improving and developing new modules, and that these modules use fascinating, unconventional techniques to stay hidden.

The botnet, roughly 500,000 machines strong, has been active since at least 2012 according to ESET, spreading through malware embedded in pirated content. For the most part, it targets users in Ukraine, Belarus, Russia, and Kazakhstan.

In its early days, the botnet focused on ad injection, click fraud, password stealing, and social network fraud. In mid-2018, however, the operators added cryptocurrency mining to the list, primarily through a Monero mining module.

Downright Cheeky Countermeasures

The module itself has components that detect security software and that shut down any competing crypto mining operation it finds on the machine. The mining module then consumes the compromised machine's processing power for itself.

However, the module suspends its mining the moment it detects the user opening Task Manager. The move is rather cheeky: a user who checks Task Manager sees normal CPU usage and is left unaware of what is eating their processing power. Spotting the load therefore requires telemetry the miner does not watch for, such as endpoint monitoring rather than a glance at Task Manager.

CoinMiner.Stantinko does not even communicate with the mining pool directly. Instead, the module routes its traffic through proxies, whose IP addresses it retrieves from the description text of YouTube videos. Any way you look at it, that is a pretty unusual way of doing things.

Rising To The Challenges

ESET first reported on this mining module in early November of last year. Since then, Stantinko has picked up new techniques to avoid detection by security software. These include obfuscating strings so that the cleartext exists only in memory, at the moment it is used, and adding resources and strings that have no effect on functionality.

Furthermore, the control flow is obfuscated into a hard-to-read form in which the execution order of basic blocks cannot be predicted from the layout of the code. The operators add dead code that never executes but lends legitimacy to the program's appearance. Lastly, they add code that does execute but ultimately does nothing, in a bid to escape behavioral detection.
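To make the four tricks above concrete, here is an added illustration in Python, not ESET's analysis code and not Stantinko's own native code: a string that is stored encoded and decoded only for the moment it is needed, a decoy string with no function, a three-block routine first in its normal layout and then control-flow flattened with a dead block and a do-nothing block, and the analyst-side walk of the dispatcher that recovers the real block order. The XOR key, the state values and the tiny "config" arithmetic are invented for the example.

```python
# Model of the obfuscation tricks described above (added example, not
# Stantinko's code). KEY, the state values and the arithmetic are made up.

KEY = b"\x5a\x13\xc7"  # hypothetical key; one byte has the high bit set


def encode_string(s: str, key: bytes = KEY) -> bytes:
    """What is stored in the binary: the string XORed byte-wise with KEY.
    Every third output byte is non-ASCII (0xC7 sets the high bit), so a
    static string scan of the file finds no readable text."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(s.encode()))


def use_string_briefly(blob: bytes, key: bytes = KEY) -> str:
    """Rebuild the cleartext only at the moment of use, then wipe it.
    The plaintext is in memory for the lifetime of this call only."""
    buf = bytearray(b ^ key[i % len(key)] for i, b in enumerate(blob))
    text = buf.decode()
    for i in range(len(buf)):
        buf[i] = 0  # overwrite so a later memory dump misses it
    return text


DECOY = "Copyright (c) 2019 Legit Software Ltd."  # never used: padding for appearance


def original(x: int) -> int:
    """The logic as a compiler would normally lay it out: three blocks in order."""
    a = x * 3
    b = a + 7
    return b ^ 0x55


def flattened(x: int) -> int:
    """Same logic, control-flow flattened. A dispatcher loop picks the next
    block from a state variable, so the source order of the branches says
    nothing about execution order. The 0x7F branch is dead code (no path
    ever sets that state); the 0xD4 branch runs do-nothing code first."""
    state = 0x9E
    a = b = junk = 0
    while True:
        if state == 0x21:            # exit block
            return b ^ 0x55
        elif state == 0x7F:          # dead code: unreachable
            a = -1
            state = 0x21
        elif state == 0xD4:          # do-nothing code, then the real block
            junk = (junk + 1) * 0    # executes, always 0, affects nothing
            b = a + 7
            state = 0x21
        elif state == 0x9E:          # entry block
            a = x * 3
            state = 0xD4


# Analyst side: the dispatcher's transitions, as recovered from the branches
BLOCKS = {
    0x21: ("return b ^ 0x55", None),
    0x7F: ("a = -1", 0x21),
    0xD4: ("b = a + 7", 0x21),
    0x9E: ("a = x * 3", 0xD4),
}
ENTRY = 0x9E


def recover_order(blocks, entry):
    """Walk the state transitions from the entry block. The visited sequence is
    the real execution order; states never reached are the dead code."""
    order, state = [], entry
    while state is not None:
        order.append(state)
        state = blocks[state][1]
    dead = sorted(set(blocks) - set(order))
    return order, dead


if __name__ == "__main__":
    blob = encode_string("stratum+tcp://pool.example:3333")  # constructed sample
    print(blob)                       # no readable pool address in the stored form
    print(use_string_briefly(blob))   # cleartext only while it is needed
    print(original(10), flattened(10))
    print(recover_order(BLOCKS, ENTRY))
```

The point of the walk in recover_order is that flattening changes the layout, not the semantics: once the dispatcher's transitions are tabulated, the linear order falls out and the unreachable state is exposed as dead code. Do-nothing code such as the junk assignment is harder to strip mechanically because it does execute, which is exactly why it is used against behavioral detection.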


A journalist with experience in web journalism and marketing, Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali's work has been published in a number of cryptocurrency publications.
