Stantinko Botnet Using YouTube to Install Crypto-Jacking Malware

November 27, 2019 12:25 AM UTC

Stantinko is an adware campaign that has been operating since 2012. According to ESET researchers, Stantinko's operators control a massive botnet that installs malicious browser extensions.

Once the malicious Windows services are installed, the operators can do almost anything on the infected host. According to the research, the botnet has been used to perform massive searches on Google as well as brute-force attacks on WordPress administrator panels, among other things.

The newest report states that the team behind the Stantinko botnet has expanded its operations to cryptocurrency mining.

The botnet has been seen mining Monero since at least August 2018 and has recently started using YouTube to distribute its crypto-mining module.

This module's most notable feature is the way it is obfuscated to thwart analysis and avoid detection. Because the module uses source-level obfuscation with a grain of randomness, and because Stantinko's operators compile it afresh for each new victim, every sample of the module is unique, which defeats simple hash-based detection.

Cryptojacking Is Still a Huge Problem

Cryptojacking, taking control of someone else's computer to mine cryptocurrency, has been a problem for many years. The practice is still extremely popular because it is highly profitable for the attackers.

According to AdGuard, maker of ad-blocking and privacy-protection software, cryptojacking surged by 31% in 2017, and more than 33,000 sites were found running cryptojacking scripts.

How to Avoid it

The easiest way to avoid getting infected is to not click on random sites and links, and never to install anything that is not verified. Ad-block and anti-cryptomining extensions can be very effective against browser-based miners, but note that they only cover mining scripts running inside the browser: a compiled mining module dropped onto the system by a botnet, as in the Stantinko case, runs outside the browser and is not stopped by an extension.

Additionally, good antivirus software can detect these attacks too, and a machine whose CPU stays pegged while idle, or which holds long-lived connections to unfamiliar hosts, is worth investigating.
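For the non-browser case, network monitoring is one practical check: Monero miners such as xmr-stak and XMRig talk to their pool or proxy with a small JSON-RPC "stratum" handshake whose first request is a `login` carrying the wallet and a miner user-agent. The following Python detector is an added example, not code from the original article or from ESET's research; the article does not describe the Stantinko module's wire protocol, so the assumption here is the generic stratum dialect used by common Monero miners. The flow records, the wallet string (a placeholder built from repeated characters) and the indicator lists are all constructed for the example.

```python
import json
import re

# Constructed sample flows: (source host, destination "ip:port", first bytes of payload).
# Addresses use documentation ranges; the wallet string is a placeholder, not a real wallet.
PLACEHOLDER_WALLET = "4" + "B" * 94
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10:3333",
     '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"%s","pass":"x","agent":"xmr-stak/2.10.8"}}\n'
     % PLACEHOLDER_WALLET),
    ("10.0.0.7", "93.184.216.34:443", "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.9", "198.51.100.2:14444",
     '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"worker1","pass":"","agent":"XMRig/6.0.0"}}\n'),
    ("10.0.0.11", "192.0.2.8:8080", '{"id":2,"method":"getjob","params":{}}'),
    ("10.0.0.13", "192.0.2.9:80", '{"id":3,"method":"ping"}'),
]

# Assumed indicators (a real deployment would curate these from observed samples):
# method names of the stratum JSON-RPC dialects (Monero-style login/getjob/submit,
# Bitcoin-style mining.*), user-agent fragments of common miners, and the shape of a
# Monero primary address (leading 4, 95 base58 characters in total).
STRATUM_METHODS = {"login", "getjob", "submit",
                   "mining.subscribe", "mining.authorize", "mining.submit"}
MINER_AGENT_RE = re.compile(r"(xmr-stak|xmrig|cpuminer|minerd)", re.IGNORECASE)
MONERO_ADDR_RE = re.compile(r"^4[1-9A-HJ-NP-Za-km-z]{94}$")  # base58 alphabet, no 0/O/I/l


def parse_stratum(payload):
    """Return the JSON-RPC object if the payload is a stratum request, else None."""
    text = payload.strip()
    if not text.startswith("{"):
        return None
    try:
        msg = json.loads(text)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict) or msg.get("method") not in STRATUM_METHODS:
        return None
    return msg


def classify_flow(payload):
    """Return indicator strings for one flow; an empty list means nothing mining-related."""
    msg = parse_stratum(payload)
    if msg is None:
        return []
    indicators = ["stratum method " + msg["method"]]
    params = msg.get("params")
    if isinstance(params, dict):
        agent = str(params.get("agent", ""))
        if MINER_AGENT_RE.search(agent):
            indicators.append("miner agent " + agent)
        if MONERO_ADDR_RE.match(str(params.get("login", ""))):
            indicators.append("login is a Monero wallet address")
    return indicators


def scan_flows(flows):
    """Map (src, dst) to its indicators for every flow that looks like mining traffic."""
    hits = {}
    for src, dst, payload in flows:
        indicators = classify_flow(payload)
        if indicators:
            hits[(src, dst)] = indicators
    return hits


if __name__ == "__main__":
    for (src, dst), indicators in scan_flows(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {', '.join(indicators)}")
```

The check is deliberately content-based rather than port-based: mining proxies listen on arbitrary ports, and a botnet operator can move them at will, whereas the miner still has to say `login` to get work. Stratum over TLS would hide the payload, so in that case fall back to the host-side signals (sustained CPU load, a persistent service with a long-lived outbound connection) rather than the payload match.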

