Emerging Threats

Over half a million PCs infected as hackers go after cryptocurrency

Written by a NortonLifeLock employee


What happens when cryptocurrency becomes one of the most desired forms of money? Everyone takes notice. That includes hackers. This time cybercriminals have set their eyes on Monero, a highly sought after, private and untraceable cryptocurrency.

Researchers from Proofpoint discovered a Monero mining botnet called Smominru (aka Ismo) that spreads using the EternalBlue exploit.1  This exploit, which was created by America's National Security Agency (NSA), was leaked by a hacking group called Shadow Brokers in April 2017. EternalBlue was responsible for the debilitating WannaCry ransomware attack that infected over 200,000 computers all over the world.

What is the Smominru botnet?

Smominru is a botnet that comprises over 526,000 Windows PC computers. It is known to deliver a variety of malware and Trojans to vulnerable devices, ultimately benefiting the operator by mining cryptocurrency. According to a recent report, Smominru has infected over half a million computers and could forcibly mine nearly 9,000 Monero tokens.2 At the time of writing, this amount could be worth somewhere between $2.8 to $3.6 million. According to Proofpoint, the 'hashpower,' or the speed at which mining operations unlock new units of cryptocurrency, is twice the size of other mining operations. This makes execution that much faster. Even though the bot was distributed all over the world, Russia, India and Taiwan were the most affected countries.

What precautions to take for the Smominru botnet

Just like it protected its customers from WannaCry Ransomware before it was distributed, Norton Security can help protect against Smominru. Update your Internet security suite and operating systems with the latest updates.

To check if your Norton product's definitions are up to date click here.  

Isn't it time to upgrade your security?

Upgrading to new devices and software can often mean downgrading your privacy and security. It’s time to take your security seriously. Download the full version of Norton Security Deluxe free for 30 days, and test-drive it on up to 5 of your devices – PCs, Macs, smartphones or tablets.

Create an account today and be up and running in minutes.

1 Proofpoint, "Smominru Monero mining botnet making millions for operators," January 31, 2018.
2 The Hacker News, "Cryptocurrency mining malware infected over half-million PCs using NSA exploit," January 31, 2018.

Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.