Malware affecting 4,700 computers every day
The malware steals the victim's credentials, installs a cryptominer and a Trojan module, and propagates inside the network.
It also downloads a set of modules used for credential theft, spying, and data exfiltration.
Security researchers have found that the Smominru malware infected about 90,000 machines globally in August, at a rate of 4,700 computers per day.
According to researchers at Guardicore, a cloud and data center security company, after infection the malware steals the victim's credentials, installs a cryptominer and a Trojan module, and then propagates inside the network.
Cybersecurity firm Kaspersky stated in a blog post last week that the botnet uses various methods to propagate, but it primarily infects a system in one of two ways: either by relying on the infamous EternalBlue exploit, or by brute-forcing weak credentials for various Windows services.
Even though Microsoft patched the vulnerability that EternalBlue exploits, the one that made the WannaCry and NotPetya outbreaks possible, many companies are still ignoring updates, Kaspersky said.
The US, Brazil, China, Taiwan, and Russia have seen the most attacks, but that does not mean other countries are off its radar. The largest Smominru attack on a single network was in Italy, with 65 hosts infected.
The attackers behind it are not particular about their targets, which range from universities to healthcare providers.
One characteristic, however, is very consistent: 85 percent of infections occur on Windows 7 and Windows Server 2008 systems. Other affected versions include Windows Server 2012, Windows Server 2003, and Windows XP.
Once it has profiled the system, Smominru creates a new user, called admin$, with administrator privileges, and downloads a number of malicious payloads.
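As an added illustration, not part of the wire story, the following Python check flags hosts where an account named admin$ was created and granted administrator rights, the behaviour described above. The record layout is an assumed, simplified form of Windows Security events 4720 (user account created) and 4732 (member added to a security-enabled local group), and the sample events are constructed.

```python
"""Defensive check for the admin$ account-creation pattern attributed to
Smominru. The record layout is a simplified, assumed shape of Windows
Security events 4720 (user created) and 4732 (member added to local group)."""
from collections import defaultdict

# Constructed sample records (not real log output).
SAMPLE_EVENTS = [
    {"host": "ws-17", "event_id": 4720, "target_user": "admin$", "subject_user": "SYSTEM"},
    {"host": "ws-17", "event_id": 4732, "group": "Administrators", "member": "admin$"},
    {"host": "ws-04", "event_id": 4720, "target_user": "jdoe", "subject_user": "helpdesk"},
    {"host": "ws-04", "event_id": 4732, "group": "Remote Desktop Users", "member": "jdoe"},
    {"host": "srv-db1", "event_id": 4732, "group": "Administrators", "member": "admin$"},
]

# Account name the article reports Smominru creating; the trailing "$" mimics
# a machine-account name, so it is easy to overlook in casual user listings.
SUSPICIOUS_NAMES = {"admin$"}
ADMIN_GROUPS = {"administrators"}


def find_suspicious_hosts(events, names=SUSPICIOUS_NAMES):
    """Return {host: {"severity": ..., "reasons": [...]}} for matching hosts."""
    created = defaultdict(set)   # host -> suspicious accounts created (4720)
    elevated = defaultdict(set)  # host -> suspicious accounts made admin (4732)
    for e in events:
        if e["event_id"] == 4720:
            user = e.get("target_user", "").lower()
            if user in names:
                created[e["host"]].add(user)
        elif e["event_id"] == 4732:
            member = e.get("member", "").lower()
            if member in names and e.get("group", "").lower() in ADMIN_GROUPS:
                elevated[e["host"]].add(member)
    findings = {}
    for host in set(created) | set(elevated):
        reasons = [f"created account {u}" for u in sorted(created[host])]
        reasons += [f"{u} added to Administrators" for u in sorted(elevated[host])]
        # Creation followed by elevation on the same host is the full pattern;
        # elevation alone still deserves a look (creation may predate log retention).
        severity = "high" if created[host] and elevated[host] else "medium"
        findings[host] = {"severity": severity, "reasons": reasons}
    return findings


if __name__ == "__main__":
    for host, f in sorted(find_suspicious_hosts(SAMPLE_EVENTS).items()):
        print(f"{host}: {f['severity']} - {'; '.join(f['reasons'])}")
```

In practice the same logic runs over events exported from a SIEM or from the Security log itself, and any hit should be cross-checked against the Administrators group membership on the host.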
The aim is to quietly use infected computers to mine cryptocurrency at the victim's expense.
The malware downloads a set of modules used for credential theft, spying, and data exfiltration.
Once Smominru gains a foothold, it tries to propagate within the network; the goal is to infect as many systems as possible.
To protect their networks, computers, and data from Smominru, Kaspersky said, users have to update their operating systems and other software regularly.
Users also need to protect their systems with strong passwords. A secure password manager, which creates, stores, automatically retrieves, and enters passwords, can help defend against brute-force attacks.
This story has been published from a wire agency feed without modifications to the text. We changed the headline and some content.