According to a report by Carbon Black, a company specializing in cybersecurity, scammers engaged in hidden mining also earn money by collecting protected data.
According to the report, the well-known bot network of hidden mining Access Mining contains an additional component capable of collecting IP addresses, domain information, usernames and passwords. Researchers from Carbon Black Greg Foss and Marian Liang say that the botnet has been collecting confidential data for the past two years, earning millions on this.
According to reports, 500,000 machines were attacked by Trojans using the XMRig hidden mining protocol, which led to the fraudsters receiving 8,900 XMR. Most of the infected machines were located in Russia, Eastern Europe and the Asia-Pacific region.
During this period, 500,000 computers were hacked not only using the Ghost protocol, but also data collection software. The report says that many programs taken on GitHub, such as Eternal Blue and Mimikatz, and embedded in XMRig, helped hackers update their software.
Hackers have turned the collection of protected data into a secondary source of income. While one infected machine generates an average income of $6.75, 500,000 devices can earn $1.69 million. Infected devices can even be rented for 24-48 hours as a source of passive income for hackers. Depending on the location and the owner of the computer, the value of the device may vary.
Foss and Liang say that the emergence of Access Mining is most likely the result of the fall in the price of Monero after the “bear” market of 2018. After their report, the firm released a series of tips to solve possible problems.
Hidden mining of cryptocurrencies is a common problem. Recently, it was reported that hackers use cloud services for hidden mining of cryptocurrencies, and in June of this year it became known about the hacking of more than 50,000 servers around the world. It was reported that the servers were infected with malware for hidden mining of cryptocurrencies