Guardicore Labs, a cybersecurity firm, says it has identified a two-year-old, complex crypto-mining malware: a malicious bot that has remained undetected in the crypto-mining space for over two years.
The revelation comes at a time when scammers are lurking everywhere, leveraging the coronavirus pandemic. Many crypto-based charities are seeking help to tame COVID-19, and researchers are warning against the related scams.
Crypto mining botnet threat is real
Named “Vollgar”, the threat is associated with Vollar (VSD), an upcoming altcoin. It targets Windows systems that run MS-SQL servers. According to the cybersecurity firm, about half a million machines spread across the globe run such servers.
Although these machines are scarce, their servers provide significant processing power. Of more concern is that the servers store user passwords, names and banking details, including critical credit card information.
How the crypto mining botnet works
The complex crypto-mining malware thrives on MS-SQL servers. Once inside, Vollgar eliminates other threat actors’ activity on the host and deploys its own remote access tools (RATs) as well as the actual miners. The report goes on to add that 60 percent of the infections were short-term; about 20 percent of machines stayed infected for several weeks, while 10 percent were repeat infections.
The attacks trace back to about 120 IP addresses, most of them in China. Guardicore stresses that the addresses have one thing in common: their machines are themselves compromised and are being used to infect others. The security firm goes on to say that the blame lies with corrupt hosting outfits.
Hosting firms are to blame because they allow attackers to use their domain names and IP addresses. If providers do not monitor activity on their networks, attacks will keep increasing and will continue to hurt crypto users for a long time.
Vollgar crypto mining botnet targets
According to Ophir Harpaz, a cybersecurity researcher at Guardicore Labs, Vollgar is superior to other crypto-jacking tools. The malware mines several altcoins, including Vollar and Monero. What’s more, the bot mines through a private pool rather than a public one.
The researcher goes on to note that the bot has multiple revenue streams. To achieve this, it deploys several BATs in addition to the crypto miner, making it a lucrative tool in the crypto-jacking world.
Guardicore says its investigation shows that the first attack associated with the crypto-mining botnet was noticed in May 2018. This means the botnet has been active for nearly two years since its first recorded activity.