Mirai’s variant Satori botnet attack swapping ETH wallet addresses

Jan 23, 2018360TS

Remember the Mirai attack? One year ago on October 21, 2016 , a few famous social network sites and media such as Twitter, Amazon, and Wall Street Journal were paralyzed because of the DDoS attack targeting at DYN server.

A year later, three young American computer savants pleaded guilty in an Anchorage (Alaska) courtroom to masterminding an unprecedented botnet – powered by unsecured IoT devices like security cameras and wireless routers – that unleashed sweeping attacks on significant Internet Services. FBI specially thanked 360 and other business partners for helping search the criminals.

FBI thanks 360

However, Mirai botnet attack was just a start.

Its variant Satori was revealed by Qihoo 360 Netlab in December 2017, and infected more than 280,000 IP addresses in 12 hours. Before ISP and Internet companies worked to shut it down in late December, it has got control over 500,000 to 700,000 IoT devices and created a massive Botnet.

Security companies focused on fighting the Satori Botnet’s C&C servers and sinkholed more than 500,000 botnets. But this has not gone to an end yet.

The Satori malware’s code was found on Pastebin, a site that you can store any texts on for a period of time, meaning that any malicious hackers just need to copy and paste, and then they can run the program to infect more computers.

According to Qihoo 360 Netlab, the new variant, Satori.Coin.Robber, spotted in the wild which specializes in targeting vulnerable ETH mining rigs. The botnet searched for Claymore Miner software and replaced the wallet address on the hosts with its own wallet address.

An individual who claimed to be the creator of Satori.Coin.Robber posted “Satori dev here, don’t be alarmed about this bot it does not currently have any malicious packeting purposes move along” saying that his intention was not malicious.

This is definitely up for debate.

Whether or not the actor will be arrested soon, the threat is always there. Users of the Claymore mining software should make sure they are using the latest version of the software to keep their mined cryptocurrency safe.