The botnet has been trying to steal digital currency generated from Windows systems running the Claymore mining software.
A botnet that’s been infecting internet routers has a new target: machines mining the cryptocurrency Ethereum.
Since Jan. 8, the botnet has been scanning the internet for Windows systems running the Claymore mining software, and tampering with them, according to security researchers at Qihoo 360 Netlab.
The malware, known as Satori, was originally spotted a month ago targeting vulnerabilities in routers from Huawei and D-Link. However, the hacker behind the malware has retooled it to also attack a vulnerability in the Claymore mining software, Netlab said in a Wednesday blog post.
By exploiting the flaw, the botnet can replace the digital wallet to which the Claymore software mines Ethereum with a hacker-controlled address. It isn’t clear how many mining rigs the botnet has hijacked. But since the attacks began, the botnet has managed to mine a single coin, which is worth about $1,000.
The botnet is among the latest hacking schemes capitalizing on the cryptocurrency craze. Others have focused on hijacking websites and Google Chrome browser extensions to secretly mine the digital currency Monero.
In regards to the Satori botnet, the hacker behind scheme is leaving a message on the mining rigs hit, according to Netlab. “Satori dev here, don’t be alarmed about this bot it does not currently have any malicious packeting purposes move along. I can be contacted at email@example.com,” the message reads.