Ethereum Mining Targeted By Satori.Coin.Robber Malware


The Satori family of malware has been targeting Internet routers, security cameras, and other connected devices for a long time. Now a new variant of Satori is infecting rigs dedicated to mining the cryptocurrency Ethereum. Satori was originally spotted last month while targeting bugs in routers from Huawei and D-Link. It was based on the notorious Mirai IoT botnet. Satori had attacked hundreds of thousands of PCs by targeting bugs in Huawei routers and Realtek SDK-based devices.

The malware is hijacking Ethereum mining rigs

Security researchers at Qihoo 360 Netlab said in a blog post that a new Satori variant is scanning the Web for Windows devices running the Claymore Mining software and attacking them. The similarities in code and scanning capabilities suggest that the new botnet is the creation of the people behind Satori. The botnet, dubbed Satori.Coin.Robber, was first spotted on January 8th. It scans the Ethereum mining hosts through management port 3333.

After taking control of the Claymore Miner software, it replaces the victim’s digital wallet address with a hacker-controlled wallet address. As a result, the attacker gets all the Ethereum coins generated. It isn’t yet clear how many Ethereum mining rigs the malware has hijacked. According to Dwarfpool, the hacker-controlled digital wallet has mined a little more than two coins, which are worth about $2160 at current rates.

The hacker was still mining more coins with a calculation power of roughly 2,100 million hashes per second. Satori.Coin.Robber is the latest hacking scheme targeting cryptocurrencies. Many other hackers have used hijacked websites and Chrome extensions to mine digital currencies.

The bug that Satori.Coin.Robber exploits in the Claymore Miner software was part of a feature that enabled remote monitoring of Ethereum mining. Claymore seems to have patched the bug in version 10.2 of its mining software. Qihoo 360 Netlab said the malware works mainly on the Claymore Mining software, which allows management actions on port 3333 without any password authentication.

The hacker behind Satori.Coin.Robber has allegedly contacted Qihoo 360 Netlab, saying, “Satori dev here, don’t be alarmed about this bot it does not currently have any malicious packeting purposes move along.” We can’t say for sure whether it’s true. Anyway, if you use the Claymore Mining software, make sure to update it to the latest version to keep your virtual coins safe.
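
An added example, not from the article or from Qihoo 360 Netlab: a Python check an operator can run against their own mining host's `netstat -an` output to see whether management port 3333 is listening on a non-loopback address and which remote peers are connected to it. The netstat text is a constructed sample in Windows format, and the function and constant names are assumptions made for this illustration.

```python
import ipaddress
import re

MGMT_PORT = 3333  # management port named in the article

# Constructed sample of Windows `netstat -an` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3333           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3333         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3333      203.0.113.7:51514      ESTABLISHED
  TCP    192.168.1.20:49733     198.51.100.9:3333      ESTABLISHED
  TCP    [::]:3333              [::]:0                 LISTENING
  TCP    [::1]:3333             [::]:0                 LISTENING
"""

# Proto, local addr:port, foreign addr:port, state
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def _addr(text):
    # Strip IPv6 brackets and any zone id before parsing.
    return ipaddress.ip_address(text.strip("[]").split("%")[0])


def audit_mgmt_port(netstat_text, port=MGMT_PORT):
    """Return (exposed_listeners, remote_peers) for the local port."""
    exposed, peers = [], []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or non-TCP line
        local, lport, remote, _rport, state = m.groups()
        if int(lport) != port:
            continue  # only the local management port is of interest
        if state == "LISTENING" and not _addr(local).is_loopback:
            exposed.append(local)   # reachable from other hosts
        elif state == "ESTABLISHED" and not _addr(remote).is_loopback:
            peers.append(remote)    # someone remote is connected to it
    return exposed, peers


if __name__ == "__main__":
    exposed, peers = audit_mgmt_port(SAMPLE_NETSTAT)
    print("non-loopback listeners on port", MGMT_PORT, ":", exposed)
    print("remote peers connected to it:", peers)
```

A non-empty first list means the management port is reachable from other machines; any address in the second list that is not the operator's own monitoring host deserves a closer look, along with the wallet address the miner is currently paying to.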

Is cryptocurrency a pyramid scheme?

Earlier this week, former Wells Fargo chairman and CEO Dick Kovacevich said in an interview that cryptocurrencies were a pyramid scheme and that they make no sense. Unlike JPMorgan CEO Jamie Dimon, Kovacevich was careful enough not to call cryptocurrencies a “fraud.” He believes that nothing fraudulent is happening. Jamie Dimon had called bitcoin a fraud last year, but he said recently that he regretted that statement.

Kovacevich said cryptocurrency investors are betting that someone is going to buy it. Some of them have been right. However, its fundamentals make no sense, said the former Wells Fargo CEO. Warren Buffett has also expressed similar concerns. Buffett told CNBC recently that the cryptocurrency frenzy would not end well. On the other hand, Saxo Bank analyst Kay Van-Petersen predicts that bitcoin prices would skyrocket to $100,000 by the end of this year.

China, South Korea cracking down on cryptocurrencies

Bitcoin, Ripple, Ethereum, and many other cryptocurrencies have lost a large chunk of their value in the last few days. Bitcoin has declined from its December high of $20,000 to below $12,000 now. At one point on Tuesday, it was trading below $10,000. Cryptocurrency investors are worried that governments and regulators might crack down on virtual currencies.

China has already started eradicating the cryptocurrency mining industry from the country, citing financial risks and excessive electricity consumption. Beijing has asked provincial governments to weed out cryptocurrency miners. The People’s Bank of China (PBOC) has also sent out a memo asking authorities to ban the centralized trading of digital currencies. Germany has also sent signals that it might crack down on bitcoin.

South Korean Justice Minister Park Sang-ki said last week that the country was preparing a bill to impose a complete ban on cryptocurrency trading. The bill was being prepared with inputs from the central bank and the Finance Ministry, said Sang-ki. South Korea is among the largest sources of demand for virtual currencies. Tax authorities in the country have also raided local cryptocurrency exchanges over tax evasion and other allegations.
